Frequently Asked Questions

All your Questions answered in one place

Some of your Questions:

Q. Who are you?

Password recovery is the process of identifying a lost, destroyed, or otherwise inaccessible password, allowing for the successful decryption of key files. This can be a crucial service to consider when you have lost important databases, spreadsheets, documents, and other files due to encryption.
OnlineHashCrack.com (this website) provides a professional service that attempts to recover these lost passwords (hashes like MD5 etc), Wifi WPA handshakes, Microsoft Office encrypted files. We are based in Europe.
We offers experienced password recovery for all types of computer systems. Within hours or days, we can restore missing passwords or decrypt files completely.

/!\ We are NOT a hacking website, we do NOT hack/crack websites, and we assume all submitted hashes are for testing purposes only OR are obtained in a legal way (Pentest, audit, strength checks, etc. for example), and you have permission to recover the plain text before uploading them to our website.

/!\ By using our service/website, you affirm that you are not violating any laws or regulations (including as regards, but not limited to, copyright and privacy issues) that exist in your country and/or jurisdiction.

Q. What kind of password?

Full list here.
How does the service work? Follow the steps here

Q. Who would use your services?

As a user of our Service, we offer two types of accounts: 'Basic' and 'Corporate'. Our Basic account provides limited features and functionalities, while our Corporate account offers unrestricted access to the Service. Verified Corporate users use our Service with a legal contract in place, such as for forensics or audits, and have access to a wider range of algorithms suitable for their specific needs within their respective company settings.
It is important to note that the Terms and Conditions apply to all users, regardless of the account type selected.
Basic user can be :
- individual who has forgotten its password (e.g: Windows account password)
- individual who want to test the strength of their own password
Corporate user is mainly: IT security experts, penetration testers, auditors, consultants, Law enforcement, investigators, researchers, forensics, etc having a legal contract and the owner's consent.

Q. How do you do that?

Our distributed system use several mechanisms: pre-calculated tables, GPU computations, huge private and public wordlists, brute-force, hybrid attacks, etc, for password recovery. Benefits:

  • Fast (Min: few seconds / Max: 5 days)
  • An option to speed it up if your are in a hurry
  • Free or low cost: See our pricing policy
  • Direct email support, with real humans!
Moreover, weak passwords are easy to recover. You can check how secure is your password and how fast it could be recovered.

Q. Can you guarantee to recover my password?

No, a strong password having numbers, special characters and/or long length might not be recovered.
Fortunately we recover a large majority of passwords.
The main factors that influence password recovery include:

  • Password Length
  • Charset that could have been used
  • Encryption or hashing Type

Q. Is it free?

It depends on the password complexity: all you need to know is here: pricing policy.

Q. What does "Not found" and "In progress" mean?

Three states are possible:
Status Description
"Found" Great! We successfully recover your password :) We sent you an email, please check your inbox or spam folder.
"Not found" We cannot recover it with the information we have and/or you gave us. The password seems to be complex. You can choose another attack (wordlist or bruteforce) to go further and try more candidates.
"In Progress" We are currently working on the task. At this state nobody on earth knows if the attempt will be successful or not: no need to contact us, just wait you'll receive an email if recovered.

Q. Are you guys a scam?!

Instead of a long speech, take a few seconds to consider the evidences that we are not a scam:
- Several customers testimonials
- You can test our services for free!

Q. Guarantee

We double check each password before sending you an email, thus we are 100% confident that the password is correct.
However, for any reason, if you are not satisfied with the service, contact us and we will check again with you.

Q. How long will an attempt take?

Min: few seconds / Max: 5 days.

You are in a hurry? [For Hashes only]
You can speed up the recovery process of your task. Click on the 'clock' icon and follow the instructions.
We then put your task at the highest priority level of our tasklist. Your recovery task will be immediately on the top priority.

How does the service work? Follow the steps here.

Q. Why choose you?

We have the experience and resources required to recover your lost passwords.
Here are several customers testimonials.

Q. How will I know when you recover it?

As soon as your password is recovered, we send you an email with the link to get the password.

Q. What does "HEX[xxxxxx]" mean?

It's the hexadecimal encoded representation of your password. Why? Because your password contains non-ascii and/or non-printable character, that's why we surrounded it by "HEX[]".
Copy the hexadecimal string into a hexa-to-ascii converter (google can help you). Or look at this table asciitable.com.
Such unicode characters can be written with a keyboard with this manipulation.

Q. Refund policy

We double-check each password to ensure it's the good one and there is not any error. However if you have any problem with your order contact us, we can obviously check again to solve the problem or, in some cases, refund you within three business days. We provide 100% money back guarantee if the password we have given you and for which you have paid is incorrect. Please don't forget first to read the guide to check our result.
To initiate a refund, please use the contact page, describing all the details of your issue.
We do not refund if: user issue has been resolved by us; or if you purchased a Priority demand or a custom wordlist/bruteforce (because we spent time and resources to run your task); or if you violated our Terms and Conditions.

Q. Data retention

You can delete your own tasks and information by yourself, directly from your dashboard by clicking on the black cross.
Moreover, your data (email, task) is automatically deleted:
- after 6 months for activated account (see below);
- after 1 month for non-activated account (see below);

Q. Email verification / activation

Email verification is required to avoid spam. An email with an activation link will be sent to the provided email, just click on that link and your account will be activated.
As a B2B service that is focused on catering to professionals, it is required that Users register using their corporate or professional email address. Please note that disposable emails or personal emails will not be accepted.

Q. Any useful API there?

Still in beta mode, you can use our API to send your WPA capture dump(s) MS Office documents.
Integrated in wlancap2wpasec tool for WPA.

Q. Bug Bounty

Bug bounty program: individuals can receive recognition and compensation for reporting us important vulnerabilities that can put our data, users or databases at risk (e.g: SQLi, RCE, LFI, etc.) which are exploitable.
We highly appreciates the efforts made by the reporting party in identifying the vulnerability. Reporting of such vulnerabilities will contribute to improving the security and reliability of our product and services.
Contact us if you think you have found a security issue.
Note: out of scope: DDoS, email, automated report (eg. OpenVAS, etc.) without exploit code.

Hall of fame
Areeb Jamal

Q. Privacy Policy

Privacy Policy can be found here.

Q. Terms & Conditions

Terms & Conditions can be found here.