Some of your Questions:
- Who are you?
- What kind of password?
- Who would use your services?
- How do you do that?
- Can you guarantee to recover my password?
- Is it free?
- What does "Not found" and "In progress" mean?
- Are you guys a scam?!
- Guarantee
- How long will an attempt take?
- Why choose you?
- How will I know when you recover it?
- What does "HEX[xxxxxx]" mean?
- Refund policy
- Data retention
- Tiering & Account validation
- Any useful API there?
- Bug Bounty
- Privacy Policy
- Terms & Conditions
Q. Who are you?
OnlineHashCrack.com provides Professional Services for:
- Password strength testing: measure the effectiveness of a password in protecting sensitive data. This process ensures robust security by analyzing password complexity and unpredictability.
- Password recovery: identify a lost, destroyed, or otherwise inaccessible password, allowing for the successful decryption of key files.
We offer experienced password recovery for all types of computer systems. Within hours or days, we can restore missing passwords or decrypt files completely.
These services contribute to a more secure digital environment by encouraging stronger password practices and ensuring that access to critical data is maintained securely. They address two critical aspects of cybersecurity:
- NIST Protect, ensuring strong passwords helps protect data from unauthorized access.
- NIST Recover, ensuring continuity of access and operation, even when passwords are lost or compromised.
It is crucial that any data or hashes provided are legally obtained (pentesting, audit, strength checks, forensics, etc.).
Our service is contingent on legal and ethical usage, and we reserve the right to terminate services if we suspect unauthorized data ownership.
By using our service/website, you fully accept our Terms & Conditions and affirm that you are not violating any laws or regulations that exist in your country.
Q. What kind of password?
Full list here.
How does the service work? Follow the steps here
Q. Who would use your services?
The basic account provides limited features and functionalities, while a Corporate account offers unrestricted access to the Service.
Basic user can be :
- individual who has forgotten its password (e.g: Windows account password)
- individual who want to test the strength of their own password.
Verified Corporate users - mainly: Law enforcement, investigators, researchers, IT security experts, penetration testers, auditors, consultants, forensics, etc having a legal contract and the owner's consent - have access to a wider range of algorithms suitable for their specific needs within their respective company settings.
It is important to note that the Terms and Conditions apply to all users, regardless of the account type selected.
Q. How do you do that?
Our distributed system use several mechanisms: GPU computations, huge private and public wordlists, brute-force, hybrid attacks, etc. Benefits:
- Fast (Min: few seconds / Max: 4 days)
- An option to speed it up if your are in a hurry
- An option to upload own & custom user wordlist
- Free or low cost: See our pricing policy
- Free API for developpers
- Direct email support, with real humans.
You can also upload your own custom wordlists directly into your account and run it against your tasks.
Q. Can you guarantee to recover my password?
No, a strong password having numbers, special characters and/or long length might not be recovered.
Fortunately we recover a large majority of passwords.
The main factors that influence password recovery include:
- Password Length
- Charset that could have been used
- Encryption or hashing Type
Q. Is it free?
It depends on the password complexity: all you need to know is here: pricing policy.
Q. What does "Not found" and "In progress" mean?
| Status | Description |
|---|---|
| "Found" | We have successfully recovered the password, indicating that its strength is insufficient from a security perspective. |
| "Not found" | We cannot recover it with the information we have and/or you gave us. The password seems to be complex. You can choose another attack (wordlist or bruteforce) to go further and try more candidates. |
| "In Progress" | We are currently working on the task. At this state nobody on earth knows if the attempt will be successful or not: no need to contact us, just wait you'll receive an email if recovered. |
Q. Are you guys a scam?!
Instead of a long speech, take a few seconds to consider the evidences that we are not a scam:
- Several customers testimonials
- You can test our services for free!
We provide 100% money back guarantee if the password we have given you and for which you have paid is incorrect.
Q. Guarantee
We double check each password before sending you an email, thus we are 100% confident that the password is correct.
However, for any reason, if you are not satisfied with the service, contact us and we will check again with you.
We provide 100% money back guarantee if the password we have given you and for which you have paid is incorrect.
Q. How long will an attempt take?
Min: few seconds / Max: 4 days.
You are in a hurry?
You can speed up the recovery process of your task. Click on the 'speed up' option and follow the instructions. The task will be immediately on the top priority.
How does the service work? Follow the steps here.
Q. Why choose you?
We have the experience and resources required to recover your lost passwords.
Here are several customers testimonials.
Q. How will I know when you recover it?
As soon as your password is recovered, we send you an email with the link to get the password.
Q. What does "HEX[xxxxxx]" mean?
It's the hexadecimal encoded representation of your password. Why? Because your password contains non-ascii and/or non-printable character, that's why we surrounded it by "HEX[]".
Copy the hexadecimal string into a hexa-to-ascii converter (google can help you). Or look at this table asciitable.com.
Such unicode characters can be written with a keyboard with this manipulation.
Q. Refund policy
We double-check each password to ensure it's the good one and there is not any error.
However if you have any problem with your order contact us, we can obviously check again to solve the problem or, in some cases, refund you within three business days.
We provide 100% money back guarantee if the password we have given you and for which you have paid is incorrect.
Please don't forget first to read the guide to check our result.
To initiate a refund, please use the contact page, describing all the details of your issue.
We do not refund if: user issue has been resolved by us; or if you purchased a Priority demand or a custom wordlist/bruteforce (because we spent time and resources to run your task); or if you violated our Terms and Conditions.
Q. Data retention
You can delete your own tasks and information by yourself, directly from your dashboard by clicking on the trash icon ().
Moreover, your data (email, task) is automatically deleted:
- after 6 months for activated account (see below);
- after 1 month for non-activated account (see below);
Q. Tiering & Account validation
In order to maintain a secure and trustworthy platform, we have instituted a tiered verification system that strengthens user authentication at various stages. This three-tiered system serves as a critical safeguard against the threat of fake accounts and fraudulent activity, ensuring the platform remains secure and reliable.
Tier 1: Email Verification: Users must provide a valid and accessible email address as part of the registration process. Email verification ensures users receive important notifications and communications. It also acts as a preliminary safeguard against automated bot registrations and low-level fraudulent accounts.
Tier 2: Phone Number Validation: To gain access to additional platform features and more advanced algorithms, users have the option to verify their phone number. Phone verification provides an added level of security and trust by confirming the user's identity and reducing the risk of multiple fraudulent accounts.
Tier 3: Domain Validation: For users seeking full access to the platform's most advanced features and algorithms, domain verification is available. This optional verification process confirms that users represent legitimate organizations or domains, providing the highest level of credibility and trustworthiness on the platform.
By gradually increasing verification requirements based on user activity and engagement, we aim to ensure that the platform remains secure from malicious actors. This system fosters a safe, transparent, and reliable environment for all users.
Additionally, to support law enforcement agencies efforts, we offer special benefits and rates tailored to law enforcement needs. Agencies are encouraged to contact us directly to inquire about these special rates and available benefits.
These Terms apply to all users, irrespective of account type. All users are required to register using a corporate or professional email address. The use of disposable or personal email addresses is strictly prohibited.
Q. Any useful API there?
- WPA: You can use our public API to send your WPA capture dumps. Integrated in wlancap2wpasec tool for WPA.
- Hashes: can be sent through private API (accessible once logged in).
Q. Bug Bounty
Bug bounty program: individuals can receive recognition and compensation for reporting us important vulnerabilities that can put our data, users or databases at risk (e.g: SQLi, RCE, LFI, etc.) which are exploitable.
We highly appreciates the efforts made by the reporting party in identifying the vulnerability. Reporting of such vulnerabilities will contribute to improving the security and reliability of our product and services.
Contact us if you think you have found a security issue.
Note: out of scope: DDoS, email, automated report (eg. OpenVAS, etc.) without exploit code.
Our Coordinated Vulnerability Disclosure Policy (CVDP).
Q. Privacy Policy
Privacy Policy can be found here.
Q. Terms & Conditions
Terms & Conditions can be found here.