First, how many of us have a 16-character password?
If the over-under is 1, I’m betting the under.
Still, let’s pretend that that your passwords are 16-characters long – a mix of capital and lower case letters, numbers and special characters.
Here’s how long it takes to crack it …
According to the Daily Mail, given a 1 –hour time limit, a team of hackers cracked more than 14,800 cryptographically hashed passwords – from a list of 16,449 – as part of a hacking experiment for tech website Ars Technica.
That’s a 90% success rate … almost 250 passwords per minute … about 1/4th of a second per password.
How did they do it?
A mixture of brute-force attempts, wordlists, statistically generated guesses using Markov chains, and other rules to turn a list of hashed passwords into plain text.
The brute force part was accomplished using a 25-computer cluster that can cracks passwords by making 350 billion guesses per second.
For tech details, see the the Daily Mail article.
The process and capabilities are fascinating … and mucho scary.