I have been able to crack passwords, given their salts and their hashes, by using brute force. In the first place, the length of passwords was 3 and the salt length 2: e.g., hash: rrVo/xC.s5/hQ, salt: rr => password: thr (time: ~0m4.579s) Now, for passwords of length 4 and salt length 2: e.g., hash: ss1C5xfz6Nggg, salt: ss => password: four (time: ~7m19.531s) As I have said, these passwords were obtained using a brute force algorithm. It is useful for short password lengths: as the numbers of characters for the password increase, the required time to break the password grows exponentially. What I want to know is more efficient technique to reduce the search space. Additional info: a) Passwords are created using: A-Z, a-z, 0-9, and symbols: $, #, +, @, =, /, & b) I have been using the openssl command to generate the hashes and compared them to the given hash $ openssl passwd -crypt -salt rr thr in a bash script.