Please note, this is a STATIC archive of website hashcat.net from 08 Oct 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Can this password type be brute forced?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Please help me understand if this password length and type can be brute forced. I have no prior knowledge and now I am forced to learn Smile

I generated a password with KeePassX that looks like this: fBX9M7r2HZDa2QEVBqo9faMjW9E37nxPBSf
Length: 35
Chars: 0-9a-zA-Z

If it would start with 000000000000000000000000000000000001 ... it would be impossible. There are obviously some rules to the password that should make it "easier".

Is it even possible to crack it within years even? If so, what do I need to understand & learn before proceeding?

Thanks!
[0-9a-zA-Z] is 26 * 2 + 10 = 62 possibilities. Let's call it 6 bits (64 possibilities) just to round to nearest.

Assuming the password is generated randomly (and I'm pretty sure KeePassX will be OK here) that means we have 6*35 = 210 bits of keyspace.

That means 2^210 operations. I'm pretty sure anything > 2^100 is computationally infeasible.

So, no, it can't be bruteforced I don't think, doesn't really matter what the hash type is. (Some are slower than others for guessing.)

Some please check my working though...
Assuming a theoretical hash rate of 1 TH/s (which is already very fast, even for a fast hash mode) you'd be looking at about 10^43 years of cracking. Pretty sure that's well beyond the expected end of the universe.

62**35 / 1e12 / 60 / 60 / 24 / 364
1.722241326746101e+43

just for comparison, a twelve character password would take about 100 years to complete under the same circumstances
62**12 / 1e12 / 60 / 60 / 24 / 364
102.58530354592425