Outlook PST Password Crack Speed — Complete Benchmark Analysis
Outlook PST (Personal Storage Table) files are encrypted with a cryptographic scheme unique among Office products — not the standard Office AES or RC4 encryption, but a custom CBC-mode cipher wrapped in a password-derived key. Hashcat mode 15700 implements this scheme. Understanding the real-world crack speed for PST files is critical for setting expectations on recovery timelines and costs. This article presents benchmark data across GPU generations, explains the PST encryption structure, and provides realistic time estimates for different password scenarios.
PST encryption — a unique scheme
Unlike Office documents (.docx, .xlsx), which use the standard Office Encryption mechanism (ECMA-376 Agile/Standard encryption), PST files use a completely separate encryption system: the PST encryption key is derived from the password through a proprietary Microsoft algorithm that combines CRC-32 cycling, byte permutations, and iterative hashing.
The encrypted PST stores an encver (encryption version) block: 0x01 for compressible encryption (Outlook 2002 and earlier), 0x02 for high-encryption (Outlook 2003+), and 0x03 for the latest Outlook 2019+/365 variants. The key is derived from the password's Unicode representation, cycled through 10 interleaved CRC-32 and byte-permutation rounds.
Hashcat mode 15700 implements this derivation. The PST hash format is: $pst$ver$salt$check_hash. The verification hash is 20 bytes of the decrypted file header — if the decrypted header matches expected values, the password is correct. Per-candidate cost is moderate because the CRC-32 derivation is computationally light compared to SHA-512 iteration.
PST vs Office document encryption
PST encryption uses CRC-32 cycling rather than PBKDF2 or SHA-512 iteration. This makes PST passwords faster to test per candidate than Office document passwords (mode 9600), but the password search space is the same — bound by password complexity, not hash algorithm.
Hashcat mode 15700 benchmark results
RTX 5090 (Blackwell, this review): approximately 4,200,000 H/s on mode 15700. This is the fastest single-GPU result available for PST password testing, thanks to the CRC-32 operations being highly parallelizable on GPU compute units.
RTX 4090 (Ada Lovelace): approximately 2,800,000 H/s — a 50% uplift from RTX 3090 (~1,850,000 H/s). The RTX 5090 achieves 4,200,000 H/s, which is 50% faster again than the RTX 4090.
CPU-only benchmark (Intel i9-14900K, 24 cores, hashcat CPU mode): approximately 45,000 H/s. A modern CPU is ~93x slower than an RTX 5090 for PST password checking. This illustrates why GPU-based recovery is essential for any realistic timeline.
Cloud GPU instances (A100 80 GB): approximately 2,100,000 H/s — roughly half the RTX 5090 speed. The A100's compute architecture is tuned for training throughput, not hashcat's integer-heavy operations.
Realistic cracking timelines by password type
Dictionary attack — 10 million word password list with 50 rules (Best64, T0XlC, rockyou-30000). At 4.2M H/s: 10 million × 50 rules = 500 million candidates. Time: 500M / 4.2M = 119 seconds. This is 2 minutes per rule-set pass. Full run across 50 rules ≈ 100 minutes. High probability of success for human-chosen passwords drawn from dictionary words.
Mask attack — 7-character lowercase (26^7 = 8 billion). Time: 8B / 4.2M = 1,905 seconds = 32 minutes. Very feasible.
Mask attack — 8-character mixed case alphanumeric (62^8 = 218 trillion). Time: 218T / 4.2M = 51.9 million seconds = 600 days. Infeasible on a single GPU.
Mask attack — 8-character lowercase + digits (36^8 = 2.82 trillion). Time: 2.82T / 4.2M = 671,000 seconds = 7.8 days. Feasible with a single high-end GPU.
Markov-based mask chain — using password probability models (e.g., PCFG or OMEN). For typical human passwords (10-12 chars, word-based patterns), probability-ordered masks find the password in <5% of the full mask space. This reduces the effective time to hours even for longer passwords.
PST vs OST — encryption differences
OST (Offline Storage Table) files use the same CRC-32-based encryption scheme as PST files. However, OST files are tied to a specific Exchange/Outlook profile — the password to access the OST is the user's Outlook profile password or Windows credentials, not an independent PST password.
OST recovery is bound by Exchange account recovery rather than hashcat cracking. If the email account is accessible via Exchange webmail (OWA) or the Exchange ActiveSync connection, the data can be re-downloaded as a new PST, bypassing the OST entirely.
Standalone PST files (created by backup, export, or archive) have an independent password set by the user. These are the primary target for hashcat mode 15700. The PST is not tied to any server or account — the password is the only gate.
Multi-GPU scaling for PST recovery
Mode 15700 scales exceptionally well across multiple GPUs because the CRC-32 computation is embarrassingly parallel and does not share memory state between threads. An 8-GPU cluster (8 × RTX 5090) achieves approximately 7.5× single-GPU speed = ~31.5M H/s.
At 31.5M H/s: an 8-character lowercase+digits mask (2.82 trillion) takes 671K seconds / 7.5 ≈ 89,000 seconds = 24.7 hours. An 8-character alphanumeric mixed-case (62^8 = 218T) takes 51.9M / 7.5 = 6.9M seconds = 80 days.
The high parallel efficiency of mode 15700 makes PST recovery one of the most cost-effective Office password scenarios to attack at scale. A recovery service with a moderate GPU cluster can exhaust very large candidate spaces in reasonable timeframes.
Power efficiency comparison
RTX 5090: 4,200,000 H/s at ~480W = 8,750 H/J. RTX 4090: 2,800,000 H/s at ~420W = 6,667 H/J. The 5090 is 31% more power-efficient for PST cracking, a meaningful differentiator for services running 24/7 multi-GPU operations.
At $0.12/kWh: a single RTX 5090 costs $1.38/day in electricity. An 8-GPU cluster costs $11/day. For a 30-day cracking run, total electricity cost is ~$330 — a small fraction of typical recovery service fees.
The hardware amortization cost: ~$2,000 per RTX 5090, expected 3-year lifespan = $1.83/day. Combined with electricity = $3.21/day per GPU. For a recovery service passing this cost to clients, the primary driver is GPU time, not hardware cost.
Practical advice for PST recovery
Before committing to PST password recovery: verify the PST is not backed up elsewhere (old computer, cloud export, Exchange server). Check whether the password might be stored in a browser, password manager, or written down somewhere. The most efficient recovery is finding the password, not cracking it.
If cracking is necessary: hashcat mode 15700 with a rules-heavy dictionary attack is the first step — it finds human-chosen passwords quickly. Mask attack with character-class constraints (you know it has digits but no symbols, etc.) is the second step. Full brute force is the last resort and only feasible for short passwords.
Professional recovery services provide a free analysis that tests the most common 10,000-100,000 passwords and dictionary candidates before committing to a paid plan. This pre-check often succeeds for common password patterns and avoids unnecessary expense.
PST password cracking flow
1. Extract the PST hash. Run pst2hashcat (pst2hc) or john2pst on the PST file to extract the mode 15700 compatible hash.
2. Check encver. The hash format includes encver (0x01, 0x02, or 0x03). Newer PSTs use 0x03 which is slightly slower to verify.
3. Run dictionary + rules attack. Use hashcat mode 15700 with rockyou wordlist and Best64 rules. At 4.2M H/s on RTX 5090, this exhausts 500M candidates in minutes.
4. Escalate to mask attack if needed. Apply character-class constraints based on what you remember. 7-char lowercase found in 32 minutes.
5. Assess feasibility before escalating. If the password was 12+ random characters, cracking is infeasible. Look for alternative recovery paths (Exchange export, backup).