Passwords

• CLI tools, such as hashcat and john, compute hashes on the fly using wordlists and rules. They hash each candidate and compare it to your target, which takes time depending on hardware, wordlist size, and rules. This means that they can only crack a hash if its plaintext equivalent is within the worldlist used.

• Online tools, such as CrackStation, use precomputed hash databases (rainbow tables). When you enter a hash it simply looks it up — no cracking needed. Instant results if the hash is known.