Password Recovery Speeds
Now this is an interesting analysis of password recovery speeds. It compares the password length and the characters used to the time different computers need to brute force the password, ranging from Class A (speed of a Pentium 100) to Class F (supercomputers, large scale distribution) computers and networks of computer systems.
They take a look at passwords that consist of only numbers, only letters, a combination of numbers and letters, and finally letters, numbers and common symbols. For example a six digit password could be cracked by a Class A computer in about 9 hours while a Class F one would reveal the password in the same instance you started the process. Take a look and calculate how long it would take for someone to brute force your passwords.
It's of course a different story if something prevents the brute force process to run at full speed or continue, for example online banking accounts disable the account after three failed login attempts. It is however best to assume that the attacker has gotten hold of the password database somehow, to run the attacks continuously to see how long someone would need to wait before the password would be revealed by the program.
Update: It needs to be noted that the processing power has increased significantly in recent years, which means that the numbers displayed on the page are too conservative in nature. One example: The original chart stated that it would take an average PC back then more than six days to recover a password made up of mixed upper and lower case letters. An average PC in 2012 would only need four days for the same task (see How secure is your password for the full chart).
It can generally be said that recovery speeds improve with every generation of new cpus or workstations. I suggest you check out Mike's article on the topic which offers additional information, an updated chart, and interesting user comments and suggestions.
Advertisement
