How long does it take to crack a password of 8 characters?

An article I read states that -

Brute-force techniques trying every possible combination of letters, numbers, and special characters had also succeeded at cracking all passwords of eight or fewer characters.

There are 6.63 quadrillion possible 8 character passwords that could be generated using the 94 numbers, letters, and symbols that can be typed on my keyboard. I'm sceptical that many password combinations could actually be tested. Is it really possible to test that many possibilities in less than a year in this day and age?

Answered by Mary Howard

The answer to your question - How long does it take to crack a password of 8 characters is that - Some numbers for 8 chars PW if randomly chosen from a 94 character set:


Windows PW (NTLM:1), using the above mentioned 25 GPU recovery monster: 2.2 hours on average

WiFi (PBKDF2/SHA1:4096) using an 8 GPU recovery system: 98 year on average

7ZIP (PBKDF2/SHA256:262144) using an 8 GPU recovery system: 26 centuries

So it is 'possible' for certain cases for us, maybe yes in all above cases for some agencies.

Suppose your set of 'obtained' hashes contained 5 million password hashes, then even for the 98 year WiFi case, 145 keys will be found on day 1 (on average). If your password is amongst them, then you experience that also for the WiFi case it is indeed possible! .... if my calculations are right.



Your Answer

Interviews

Parent Categories