Saw this – not sure how accurate it is…
How Long It Would Take A Hacker To Brute Force Your Password In 2024, Ranked | Digg
There are hacks and then there are hacks.
Trying to break into a particular account can take time from seconds to eons depending upon the complexity of the password. You have to understand a bit about encryption. Let’s take a simple example of a substitution:
1=A, 2=B so the name of the group ABBA would be 1221. In my example it would not take long to figure that out. For more complex examples it takes lots longer.
Let’s say that the following are encrypted passwords and logon names stolen from various websites:
abc.com r98ewr john@doe.com
def.org 7e7ew freddy
zzz.net 498nxou Ralph99
So you take your trusty decrypter and enter “r98ewr” and the type of encryption it appears to be and tell the software that it can use characters, numbers and punctuation and how long the password is to start with. If you don’t specify the length of the password it might start with a 1 unit… a, then b then c… then a1, then b1 and so on. This will take a while. the system takes the value it calculated and compares it to that “r98ewr” and when its calculated value matches it then knows the password. Kinda like “I am thinking of a color, gress until you get it right”.
How long it takes makes this very inefficient.
However, if I wanted to get into someones account and try to steal money, here is how I would do it. I would not pick a specific account. I would take the password “letmein” or “password” and encrypt it. Lets say that “letmein” encrypts to “498nxou”. I then just have my software search through that list of encrypted passwords and lo and behold, Ralph99 at zzz.net used that password because my encrypted value matches his. A search through a list is a lot easier than trying to sequentually taking words and encrypting them to see if they match a specific account.
There are lists of passwords people often use which include “123456”, “admin”, “12345678”, “qwerty” and so on. So taking one of those words, encryting it and then taking the encrypted value and scanning a list could net you thousands of accounts that you could break into immedietly.
So yes, the chart might be correct if you only tried to crack one password, but the easier way is to break into all accounts with matching passwords.
As an exaple, I took the word ‘qwerty’ and encrypted it with MD5 which is a common encryption. The encrypted value is “d8578edf8458ce06fbc5bb76a58c5ca4”. I then did a Google search for “d8578edf8458ce06fbc5bb76a58c5ca4” and guess what? It is one of the usenames in the Goldman-Sachs breakins.
Cracked Passwords:
experthead:e10adc3949ba59abbe56e057f20f883e - 123456
interestec:25f9e794323b453885f5181f1b624d0b - 123456789
ortspoon:d8578edf8458ce06fbc5bb76a58c5ca4 - qwerty
reallychel:5f4dcc3b5aa765d61d8327deb882cf99 - password