How long would take to break a 13 character password

[zend7]

I want to ask the tech guys here a few questions

I use for my all desktop wallets a password which is 13 character long and it consists of 2 words which only make senses to me and 2 number plus one special character, letters are small and capital ones.

How long would take from state sponsorship attack to bruteforce it ?

What about if I put this password to a RAR file which I keep all my documents and seeds encrypted , how much time if state sponsored attack have my file ?

Thanks in advance for your replies.

[achow101]

I want to ask the tech guys here a few questions

I use for my all desktop wallets a password which is 13 character long and it consists of 2 words which only make senses to me and 2 number plus one special character, letters are small and capital ones.

If those two words are words in a dictionary, then it is significantly easier to crack since dictionary attacks are very easy to do. However if they are not or are in a different language than english, then the difficulty for cracking goes way up. Even with word mangling and some extra numbers or special characters, the password could still be vulnerable to a dictionary attack.

How long would take from state sponsorship attack to bruteforce it ?

That's hard to say, especially without knowing what the password is.

What about if I put this password to a RAR file which I keep all my documents and seeds encrypted , how much time if state sponsored attack have my file ?

In that case, it also depends on the encryption algorithm. Also, since you are reusing the password, if it is compromised in one place, then the time to crack it somewhere else is 0.

[zend7]

Thank you but let me tell you a bit more about it so you can give me a more accurate explanation (this one is accurate enough but I want to add a little info here)

My password consists of 2 words 1 is in English 1 is in another language there are 2 numbers and 1 special character in the end.

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

A cluster computer have a tons of GPU to try to crack your passwords.

I know hackers cannot break it as the maximum they may have is 1,2 or about 20 clusters maximum but state has as many cluster as they want so regarding this is my question.

If this file goes in the hand of a national security agency how long it will take approximately to crack it ? If it is more than 1 month for me is OK, I will transfer my bitcoins to another wallet during this time without problems.

Edit: The English word cannot be found in any dictionary, it's a special word , people use it rarely and I checked a few dictionaries and couldn't find this word there.

[virtualx]

My password consists of 2 words 1 is in English 1 is in another language there are 2 numbers and 1 special character in the end.

Hackers use word lists. A simple program tries 5000 combinations per second. State actors probably have 1.000.000 or more passwords per second.

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

12.000 years is off, because you use words from English language. Hackers do not need to try every combination like abCD$!. It also assumes your computer is secure and you don't have any programs that spy on you. Even (state-owned) computers without internet can be hacked, like that system in Iran.

A good password makes it harder to access your computer, but not impossible.

If this file goes in the hand of a national security agency how long it will take approximately to crack it ? If it is more than 1 month for me is OK, I will transfer my bitcoins to another wallet during this time without problems.

Edit: The English word cannot be found in any dictionary, it's a special word , people use it rarely and I checked a few dictionaries and couldn't find this word there.

Those guys are really awesome  I bet they can do it in under 30 seconds using automated tools.

I would need about 5 minutes, 4 to grab a cup of coffee and 1 to open your file system.

[vasrasus]

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

12.000 years is off, because you use words from English language. Hackers do not need to try every combination like abCD$!. It also assumes your computer is secure and you don't have any programs that spy on you. Even (state-owned) computers without internet can be hacked, like that system in Iran.

A good password makes it harder to access your computer, but not impossible.

It is true, There is no safe password because there many tools for cracking algo. But a 13 characters is a very difficult password based on my experience and even a pro hacker without a clue about on your personal info will not gonna make it within a day.

[unholycactus]

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

12.000 years is off, because you use words from English language. Hackers do not need to try every combination like abCD$!. It also assumes your computer is secure and you don't have any programs that spy on you. Even (state-owned) computers without internet can be hacked, like that system in Iran.

A good password makes it harder to access your computer, but not impossible.

It is true, There is no safe password because there many tools for cracking algo. But a 13 characters is a very difficult password based on my experience and even a pro hacker without a clue about on your personal info will not gonna make it within a day.

Really depends on which dictionary you are using and how you are using it.
Knowing it's two English words, it won't take long.

Or I should just say it's not secure enough.

[zend7]

My password consists of 2 words 1 is in English 1 is in another language there are 2 numbers and 1 special character in the end.

Hackers use word lists. A simple program tries 5000 combinations per second. State actors probably have 1.000.000 or more passwords per second.

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

12.000 years is off, because you use words from English language. Hackers do not need to try every combination like abCD$!. It also assumes your computer is secure and you don't have any programs that spy on you. Even (state-owned) computers without internet can be hacked, like that system in Iran.

A good password makes it harder to access your computer, but not impossible.

If this file goes in the hand of a national security agency how long it will take approximately to crack it ? If it is more than 1 month for me is OK, I will transfer my bitcoins to another wallet during this time without problems.

Edit: The English word cannot be found in any dictionary, it's a special word , people use it rarely and I checked a few dictionaries and couldn't find this word there.

Those guys are really awesome  I bet they can do it in under 30 seconds using automated tools.

I would need about 5 minutes, 4 to grab a cup of coffee and 1 to open your file system.

I accept your challenge. You reward if you can break my test password of 14 digits you will get 0.005 btc

Here is the link to the test

http://rioupload.com/nkpnjs336gqm

Let's see if you are truly a good hacker or all you have is just vain talk.

[European Central Bank]

why are you using any words of any type in the first place? there's only 250-300,000 in English, far less in other languages. memorize some random nonsense and you're suddenly far ahead of the game.

[zend7]

why are you using any words of any type in the first place? there's only 250-300,000 in English, far less in other languages. memorize some random nonsense and you're suddenly far ahead of the game.

I put up a test password of 14 digits as I found it very much entertaining how this guy will crack it in 5 minutes. I am still waiting here and nothing happened and I bet all my belongings he cannot find it even in one month and not in 5 minutes. I just need information for special needs as I may start working for national security in my country and I will be assigned to be in charge of extremely delicate documents to make sure they are safe always at any time, under any circumstances, that's why I have opened up this thread in the first place and now is becoming truly interesting.

You are wrong about words, Arabic Language have at least 10 mln words ,some say even 40 mln.

[virtualx]

My password consists of 2 words 1 is in English 1 is in another language there are 2 numbers and 1 special character in the end.

Hackers use word lists. A simple program tries 5000 combinations per second. State actors probably have 1.000.000 or more passwords per second.

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

12.000 years is off, because you use words from English language. Hackers do not need to try every combination like abCD$!. It also assumes your computer is secure and you don't have any programs that spy on you. Even (state-owned) computers without internet can be hacked, like that system in Iran.

A good password makes it harder to access your computer, but not impossible.

If this file goes in the hand of a national security agency how long it will take approximately to crack it ? If it is more than 1 month for me is OK, I will transfer my bitcoins to another wallet during this time without problems.

Edit: The English word cannot be found in any dictionary, it's a special word , people use it rarely and I checked a few dictionaries and couldn't find this word there.

Those guys are really awesome   I bet they can do it in under 30 seconds using automated tools.

I would need about 5 minutes, 4 to grab a cup of coffee and 1 to open your file system.

I accept your challenge. You reward if you can break my test password of 14 digits you will get 0.005 btc

Here is the link to the test

http://rioupload.com/nkpnjs336gqm

Let's see if you are truly a good hacker or all you have is just vain talk.

0.005 btc 

[bitdumper]

well this is really a hard job to calculate the cracking time but i can guess how hard it will be the computer has to guess near about 500000+ word combinations and your password will hardly be anywhere in them but i do not think that much effor will pay me untill you have more than 10btc

[zend7]

My password consists of 2 words 1 is in English 1 is in another language there are 2 numbers and 1 special character in the end.

Hackers use word lists. A simple program tries 5000 combinations per second. State actors probably have 1.000.000 or more passwords per second.

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

12.000 years is off, because you use words from English language. Hackers do not need to try every combination like abCD$!. It also assumes your computer is secure and you don't have any programs that spy on you. Even (state-owned) computers without internet can be hacked, like that system in Iran.

A good password makes it harder to access your computer, but not impossible.

If this file goes in the hand of a national security agency how long it will take approximately to crack it ? If it is more than 1 month for me is OK, I will transfer my bitcoins to another wallet during this time without problems.

Edit: The English word cannot be found in any dictionary, it's a special word , people use it rarely and I checked a few dictionaries and couldn't find this word there.

Those guys are really awesome   I bet they can do it in under 30 seconds using automated tools.

I would need about 5 minutes, 4 to grab a cup of coffee and 1 to open your file system.

I accept your challenge. You reward if you can break my test password of 14 digits you will get 0.005 btc

Here is the link to the test

http://rioupload.com/nkpnjs336gqm

Let's see if you are truly a good hacker or all you have is just vain talk.

0.005 btc 

  what's wrong my mate you don't like 0.005 btc as payment for a mere 5 minutes work you have to do ? This is according to you that have said before, I would need about 5 minutes, 4 to grab a cup of coffee and 1 to open my file. You cannot do it or you can do it as I am not understanding anymore

[virtualx]

My password consists of 2 words 1 is in English 1 is in another language there are 2 numbers and 1 special character in the end.

Hackers use word lists. A simple program tries 5000 combinations per second. State actors probably have 1.000.000 or more passwords per second.

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

12.000 years is off, because you use words from English language. Hackers do not need to try every combination like abCD$!. It also assumes your computer is secure and you don't have any programs that spy on you. Even (state-owned) computers without internet can be hacked, like that system in Iran.

A good password makes it harder to access your computer, but not impossible.

If this file goes in the hand of a national security agency how long it will take approximately to crack it ? If it is more than 1 month for me is OK, I will transfer my bitcoins to another wallet during this time without problems.

Edit: The English word cannot be found in any dictionary, it's a special word , people use it rarely and I checked a few dictionaries and couldn't find this word there.

Those guys are really awesome   I bet they can do it in under 30 seconds using automated tools.

I would need about 5 minutes, 4 to grab a cup of coffee and 1 to open your file system.

I accept your challenge. You reward if you can break my test password of 14 digits you will get 0.005 btc

Here is the link to the test

http://rioupload.com/nkpnjs336gqm

Let's see if you are truly a good hacker or all you have is just vain talk.

0.005 btc  

 what's wrong my mate you don't like 0.005 btc as payment for a mere 5 minutes work you have to do ? This is according to you that have said before, I would need about 5 minutes, 4 to grab a cup of coffee and 1 to open my file. You cannot do it or you can do it as I am not understanding anymore

Yes, I'm greedy   The link is not the direct link to the rar file, but to a page.
14 is a tad long though. I could crack a 4-5 digit rar for you on this machine.

Edit: OP clearly uses dictionary words and not digits, which makes a big difference.

[ivanst776]

I want to ask the tech guys here a few questions

I use for my all desktop wallets a password which is 13 character long and it consists of 2 words which only make senses to me and 2 number plus one special character, letters are small and capital ones.

How long would take from state sponsorship attack to bruteforce it ?

What about if I put this password to a RAR file which I keep all my documents and seeds encrypted , how much time if state sponsored attack have my file ?

Thanks in advance for your replies.

Try to use different but similar passwords if you can't use totally different passwords for each login/wallet etc.

If you use only once a 13 char password including numbers and symbols I shouldn't care much about because it is strong enough.

[Sylon]

I'm not 100% sure that we can trust these websites, but you should check:

https://howsecureismypassword.net/

http://random-ize.com/how-long-to-hack-pass/

[Relnarien]

Thank you but let me tell you a bit more about it so you can give me a more accurate explanation (this one is accurate enough but I want to add a little info here)

My password consists of 2 words 1 is in English 1 is in another language there are 2 numbers and 1 special character in the end.

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

A cluster computer have a tons of GPU to try to crack your passwords.

I know hackers cannot break it as the maximum they may have is 1,2 or about 20 clusters maximum but state has as many cluster as they want so regarding this is my question.

If this file goes in the hand of a national security agency how long it will take approximately to crack it ? If it is more than 1 month for me is OK, I will transfer my bitcoins to another wallet during this time without problems.

Edit: The English word cannot be found in any dictionary, it's a special word , people use it rarely and I checked a few dictionaries and couldn't find this word there.

There are 2 numbers and 1 special character at the end. You didn't specifically say how those 3 characters were ordered, so I would assume nothing regarding their arrangement. According to this page, I can assume there to be a subset of 98 special characters to choose from. Adding in the 10 digits of the decimal system, that would be a set of 108 characters. So the last 3 characters of your password, if taken separately, would result in a possible 1,259,712 (108 x 108 x 108) combinations.

Assuming that you are correct in your assertion that the 2 words which you used for your password cannot be found in any common word list, then we would be forced to use permutation of the 26 letters of the Latin alphabet instead. Using both uppercase and lowercase letters, the first 10 characters of your password would come from 52¹⁰ possible combinations.

With both parts, the password would have to be tested from a possible (52¹⁰ * 1,259,712) combinations of characters.

How long it would take to brute force through all those would depend on the hardware and software used. If you are wrong and the used words can be found in a word list though, then the time would be significantly decreased.

It's somewhat secure, but it becomes even less so the more hints that you give.

It is true, There is no safe password because there many tools for cracking algo. But a 13 characters is a very difficult password based on my experience and even a pro hacker without a clue about on your personal info will not gonna make it within a day.

Stop spamming your sig, Captain Obvious. The OP knows all that. That wasn't his question.

[zend7]

I'm not 100% sure that we can trust these websites, but you should check:

https://howsecureismypassword.net/

http://random-ize.com/how-long-to-hack-pass/

I tried those websites with a different 14 character passwords as I don't want to put mine online even if they say the password is not registered to their servers and the answers were pretty good.

First website answer:

It would take 1 computer to crack it a quadrillion years

Second website

Your password is strong and secure and it would take 1328957638 years to crack it

Any approximate time needed to crack this password let's say from state sponsorship with 5000 cluster computers ? (cluster PC are with a tons of GPU-s each for cracking)

[virtualx]

I'm not 100% sure that we can trust these websites, but you should check:

https://howsecureismypassword.net/

http://random-ize.com/how-long-to-hack-pass/

I tried those websites with a different 14 character passwords as I don't want to put mine online even if they say the password is not registered to their servers and the answers were pretty good.

First website answer:

It would take 1 computer to crack it a quadrillion years

Second website

Your password is strong and secure and it would take 1328957638 years to crack it

http://www.zdnet.com/article/25-gpus-devour-password-hashes-at-up-to-348-billion-per-second/
25 GPUs devour password hashes at up to 348 billion per second. Five 4U servers equipped with 25 AMD Radeon-powered GPUs linked together using an Infiniband switched

Any approximate time needed to crack this password let's say from state sponsorship with 5000 cluster computers ? (cluster PC are with a tons of GPU-s each for cracking)

Suppose the Russian government wants your password. Cracking your password is not necessary. They put a bug in your computer, your house or put a gun to your head. You can't stop a state.

[zend7]

I'm not 100% sure that we can trust these websites, but you should check:

https://howsecureismypassword.net/

http://random-ize.com/how-long-to-hack-pass/

I tried those websites with a different 14 character passwords as I don't want to put mine online even if they say the password is not registered to their servers and the answers were pretty good.

First website answer:

It would take 1 computer to crack it a quadrillion years

Second website

Your password is strong and secure and it would take 1328957638 years to crack it

http://www.zdnet.com/article/25-gpus-devour-password-hashes-at-up-to-348-billion-per-second/
25 GPUs devour password hashes at up to 348 billion per second. Five 4U servers equipped with 25 AMD Radeon-powered GPUs linked together using an Infiniband switched

Any approximate time needed to crack this password let's say from state sponsorship with 5000 cluster computers ? (cluster PC are with a tons of GPU-s each for cracking)

Suppose the Russian government wants your password. Cracking your password is not necessary. They put a bug in your computer, your house or put a gun to your head. You can't stop a state.

The government where I live in is not allowed to put you a gun to your head to find your password. I am talking about a normal government which if they can't hack your password cannot put you into jail.

So what is the approximate time if they have these AMD GPU-s you are talking about ? That's my main concern of this whole thread, an approximate with the latest equipment of a state (It's a good thing for me my state is not so well developed in this category)

[Relnarien]

I'm not 100% sure that we can trust these websites, but you should check:

https://howsecureismypassword.net/

http://random-ize.com/how-long-to-hack-pass/

I tried those websites with a different 14 character passwords as I don't want to put mine online even if they say the password is not registered to their servers and the answers were pretty good.

First website answer:

It would take 1 computer to crack it a quadrillion years

Second website

Your password is strong and secure and it would take 1328957638 years to crack it

http://www.zdnet.com/article/25-gpus-devour-password-hashes-at-up-to-348-billion-per-second/
25 GPUs devour password hashes at up to 348 billion per second. Five 4U servers equipped with 25 AMD Radeon-powered GPUs linked together using an Infiniband switched

Any approximate time needed to crack this password let's say from state sponsorship with 5000 cluster computers ? (cluster PC are with a tons of GPU-s each for cracking)

Suppose the Russian government wants your password. Cracking your password is not necessary. They put a bug in your computer, your house or put a gun to your head. You can't stop a state.

The government where I live in is not allowed to put you a gun to your head to find your password. I am talking about a normal government which if they can't hack your password cannot put you into jail.

So what is the approximate time if they have these AMD GPU-s you are talking about ? That's my main concern of this whole thread, an approximate with the latest equipment of a state (It's a good thing for me my state is not so well developed in this category)

As I already posted, it would be (52¹⁰ * 1,259,712) divided by the number of password attempts per second. That can further be decreased by getting more hints about your password. For example, knowing if you only uppercase or lowercase letters would decrease the possible combinations by a factor of 1,024.