Passwords
Kirkorof, 2015-01-24 16:22:10

How long would it take to brute-force such a password?

A question for the IT experts.
I read that with the help of brute force you can crack a password of any length, especially if words found in dictionaries are used. Symbols, digits and capital letters are clear to me. The question is how often you need to change the password, given that there is still a threat of an attack on the mailbox.
I would like to understand the algorithm for creating a secure password.
How long does it take to brute-force, for example, a password like BuRyoNKa1+MaTRyoSHKa2=IzbUshkA3 ? The words are just illustrative, of course.


11 answer(s)
DaNHell, 2015-01-24
@DaNHell

Yes, a wonderful thing like a scheduled password change was not taken out of thin air, nor made up on someone's whim.
It is calculated from parameters: hashing algorithm, minimum password requirements and the approximate number of users.
For a nested hash, for example md5(md5($salt).md5($pass)), the brute-force speed on a mid-range CUDA card is 152.0 MH/s (150 million hashes per second)!
Well, this is certainly progress, the 21st century.
Pretty old table, but all the same.
But we are talking about a complete enumeration.
Attacks by mask/rules/dictionaries/hybrid, and of course by rainbow tables, do their job with a bang.
Roughly speaking, having a dump of 100k users' login:hash (md5) pairs, within 3-5 minutes we get more than 50% of the passwords guessed.
Yes, and it is also worth noting that it is certainly worth increasing the length of the password: by increasing it by 2 characters (from 10 to 12), roughly speaking, we make the guessing task 300-500 times harder.
BUT: provided this is not just adding another 6-8 dictionary/alphabetic letters (phrases).
I.e. ItsGoodPassword, even when lengthened to ItsReallyVeryGoodPassword, will resist a hybrid attack for just a couple of seconds.
For 2008, GPU brute force (UPPER CASE + lower case + digits + symbols):
It took not a few years, but only 75 days to get a 12-character password.
PS I'll add an excellent tip from myself: if possible, use non-traditional keyboard layouts and special characters (which are not so difficult to type; a Windows FAQ will help).
Well, if you also secure it all with password strength... then you are protected from cryptographic attacks... but far from being absolutely safe...

maaGames, 2015-01-24
@maaGames

You count the number of options that have to be tried from "0" to "BuRyoNKa1+MaTRyoSHKa2=IzbUshkA3" and multiply by the time of one password entry attempt. That is, assuming you can enter as many wrong passwords in a row as you like.

Sergey Petrikov, 2015-01-24
@RicoX

With the current state of technology, such a brute force would go on for roughly as long as you live.

ivkol, 2015-01-24
@ivkol

I once read books on security (serious ones, but I don't remember the authors); one of them advised that there should be at least 12 characters.

William Thorn, 2015-01-24
@xydope

An attack on a mailbox is possible not only by brute force. There are always 3 vulnerable points:
1. Entry point.
2. Transmission channel.
3. Destination (hosting).
Brute force is an attack on the hosting; if the password resists guessing, the attack will be carried out on points 1 and 2.
The most common option is to infect the entry point with a keylogger, but you can also get creative and redirect all traffic through your proxy with the HTTPS certificate replaced, which allows the traffic to be viewed.

Dmitry Shishkin, 2015-01-24
@aerohorn

howsecureismypassword.net:
It would take a desktop PC about 239 duodecillion years to crack your password

Puma Thailand, 2015-01-24
@opium

Brute-forcing forever.

Andrew, 2015-01-24
@OLS

Calculate the entropy based on the password model:
Word 1:
- dictionary word, Russian, in its base form: 16 bits
- written in Latin letters: +1 bit
- case changes according to a rule: +1 bit
- rule "consonants only": +3 bits (approximately)
- digit (if varied): +3 bits
- symbol: +3 bits (approximately)
Word 2:
- dictionary word, Russian, in its base form: 16 bits
- written in Latin letters: +1 bit
- case changes according to a rule: +1 bit
- rule "consonants only": +3 bits (approximately)
- digit (if varied): +3 bits
- symbol: +3 bits (approximately)
Word 3:
- dictionary word, Russian, in its base form: 16 bits
- written in Latin letters: +1 bit
- case changes according to a rule: +1 bit
- rule "vowels only": +3 bits (approximately)
- digit (if varied): +3 bits
Total: about 78 bits, or 32,000 years on a system of 1000 parallel processors.
If you count without a model, that is, take all letters and digits as equally likely from an alphabet of 62 characters, it will take much longer, but this is wrong: the entropy of the message is the smallest of the values obtained after going through all the models.

Roman Deev, 2020-02-04
@deevroman

I think you need a "password generator" and at least 20 characters, using everything possible, for example: gB%[email protected]}c#s*Pu#m8
Digits
Uppercase letters
Lowercase letters
Special characters %, *, ), ?, @, #, $, ~
Password length:
20 characters. Here are the links to check the password: https://password.kaspersky.com/ru/ https://howsecureismypassword.net/ They will show different times; it depends on the power of the computer. As for mail, I'm on Yandex, there is good protection called YandexKey. I had an experience with a hacker; he rated it 5+, he couldn't get in! And don't store passwords on your computer! That would be paradise for hackers! And at the start there is the password and they ask how long it takes to open it!? Kaspersky showed 10,000 centuries! And the second showed 24 TWELVE; in short, your life is not long enough to open it.

Vladimir Tarasenko, 2020-07-03
@Sigma200584

How long will it take to guess a password if the speed is 10,000 passwords per hour and the length is 6 characters? Are upper-case Latin letters used?
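A small calculator, added here as an example and not code from any post in this thread, that carries out the arithmetic Andrew's answer and Vladimir's question describe: summing a per-component entropy model, taking the minimum over candidate models, computing the keyspace of a uniformly random password, and converting a number of guesses into time at a given rate. The bit values in ANDREW_MODEL are copied from Andrew's post; the per-processor guess rate (ASSUMED_RATE) is an assumption, since his post gives only the resulting total of about 32,000 years.

```python
"""Brute-force time estimator (added example, not from the thread)."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of candidates for a password of `length` symbols from an alphabet of `alphabet_size`."""
    return alphabet_size ** length


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password (log2 of the keyspace)."""
    return length * math.log2(alphabet_size)


def model_entropy_bits(components) -> float:
    """Sum the per-component bit estimates of a password model (Andrew's method)."""
    return float(sum(bits for _, bits in components))


def effective_entropy_bits(candidate_models) -> float:
    """The entropy that matters is the smallest over all models tried, as Andrew notes."""
    return min(candidate_models)


def seconds_to_exhaust(bits: float, guesses_per_second: float, fraction: float = 1.0) -> float:
    """Time to try `fraction` of a 2**bits keyspace; fraction=0.5 gives the expected time to a hit."""
    return fraction * (2.0 ** bits) / guesses_per_second


def years_to_exhaust(bits: float, guesses_per_second: float, fraction: float = 1.0) -> float:
    return seconds_to_exhaust(bits, guesses_per_second, fraction) / SECONDS_PER_YEAR


# Andrew's three-word model; the bit values are the ones stated in his post.
ANDREW_MODEL = [
    ("word 1: Russian dictionary word, base form", 16),
    ("word 1: written in Latin letters", 1),
    ("word 1: case changed by a rule", 1),
    ("word 1: consonants-only rule", 3),
    ("word 1: digit", 3),
    ("word 1: symbol", 3),
    ("word 2: Russian dictionary word, base form", 16),
    ("word 2: written in Latin letters", 1),
    ("word 2: case changed by a rule", 1),
    ("word 2: consonants-only rule", 3),
    ("word 2: digit", 3),
    ("word 2: symbol", 3),
    ("word 3: Russian dictionary word, base form", 16),
    ("word 3: written in Latin letters", 1),
    ("word 3: case changed by a rule", 1),
    ("word 3: vowels-only rule", 3),
    ("word 3: digit", 3),
]

# Assumed rate, not stated in the thread: 1000 processors at 3e8 guesses/s each.
ASSUMED_RATE = 1000 * 3e8


def vladimir_hours(rate_per_hour: float = 10_000, alphabet_size: int = 26, length: int = 6) -> float:
    """Hours to try every 6-character upper-case Latin password at 10,000 guesses per hour."""
    return keyspace_size(alphabet_size, length) / rate_per_hour


if __name__ == "__main__":
    model_bits = model_entropy_bits(ANDREW_MODEL)
    # Andrew's "no model" comparison: 62 symbols, 31-character password from the question.
    naive_bits = keyspace_bits(62, len("BuRyoNKa1+MaTRyoSHKa2=IzbUshkA3"))
    print(f"model entropy: {model_bits:.0f} bits")
    print(f"62-symbol uniform entropy: {naive_bits:.1f} bits")
    print(f"effective entropy: {effective_entropy_bits([model_bits, naive_bits]):.0f} bits")
    print(f"full search at assumed rate: {years_to_exhaust(model_bits, ASSUMED_RATE):,.0f} years")
    hours = vladimir_hours()
    print(f"Vladimir's question: {hours:,.0f} hours, about {hours / 24 / 365.25:.1f} years")
```

The model sum comes out to 78 bits, and at the assumed rate a full search takes a little under 32,000 years, which is the order of magnitude Andrew states; the same 78 bits divided by a GPU hash rate like the 152 MH/s DaNHell quotes gives a very different answer, which is the point of parametrising the rate. For Vladimir's question the keyspace is 26^6 = 308,915,776 candidates, so at 10,000 per hour a full search takes about 30,892 hours, roughly 3.5 years, and the expected time to a hit is half that.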
