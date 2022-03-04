HACK TO THE FUTURE
How Long It Would Take A Hacker To Brute Force Your Password In 2022, Ranked
Submitted by Adwait
Cyber security company Hive Systems crunched the numbers and computed how long it would take hackers to brute force their way into your password, based on the character length and complexity (case, numbers and symbols). Here's what they found.
This depends heavily on the hash function that was used on your password and whether or not your password contains personal information related to you.
Password length is the key. I believe that the different columns (all numbers vs numbers + upper + lower + etc) are irrelevant, unless the hacker knows that the password being hacked is *limited* to the characters specified. In other words, if the only password requirement is 18 chars, the hacker is not going to spend the first 3 weeks of the hack testing only numbers and the following 2 million years testing only lower-case letters.
This makes the chart deceptive, as it would only be accurate if the password system being hacked was to *forbid* any characters other than the ones specified in each column header.
If you're not already using a password manager program with randomly generated passwords for each site you're already at risk.
Not being in the dictionary is also very important. Very few hackers are going to be using straight brute force, they will be using a modified dictionary attack first. First pass will be the list of commonly used passwords, obtained from already posted lists. Next up is a dictionary attack. Finally a modified dictionary attack that substitutes numbers and symbols for letters to get passwords like p4$$w0rD. If they don't have enough of the passwords cracked after that they are most likely moving onto the next file.
Unlike the olden days where hackers had to attack the front door and be locked out after a number of bad attempts they are now working on a password file liberated from the site that required you to use a password.