when i said 8 i didn't really calculate anything but let me do it now here and you check if i am doing it right:
there are 26 letters in English
x2 because of lower case and upper case
there are 10 numbers
there are 32 signs (symbols) on the keyboard only (*, /, #, $, ,, ^) and i won't count the rest of the signs (ƒ, ¥,£,...)
this total is 94 so a random password like this: Df@m$Jdu (8 char long) has 6E+15 different possible variations.
and if i understand the picture above correctly the worst case scenario is going through 2.5E+5 passwords/s
so it would take 2.44e+10 sec or in other words it takes 773 years to go through the passwords.
Yeah that sounds about right... 8 places, with 94 options per place is 94^8... which is around 6.095E+15 variations...
I guess the issue is that people are stupid and will made a password like Pass1234 and think it is secure. Most hackers are likely to just run a bruteforce on letters and numbers... 62^8 would only be around 27 years
One question I do have, because I'm not sure how the password hashing functions used by the wallets (it was mentioned SHA256 and Scrypt) operate... but what is the risk of hash collision using the various functions? ie. From experience, I know of Excel spreadsheet brute forcing passwords will return a password that unlocks the sheet, but is completely different from the original password used. eg original password was Test1234 and the brute force showed aaaa1999. I assume this is due to checking the "hash" of the input password and the 2 inputs generating the same hash.