Originally Posted by nkedel
Cracking passwords, in that sense, works backwards.
You have a hash (examples here) and try different passwords until you generate the matching hash value.
Of course, you need a dump of passwords first.
That helps, thanks ^
Since we are really talking about offline brute-force cracking, it presumably means that length and mixed character types are the only things that will take time and slow up the attacker? Hence my query about 20 letters, so that
!1234567890.Abcdefgh is a magnitude smaller than !1234567890.Abcdefghi
and therefore much less secure?
I am really trying to gauge how long it will hold back the attacker so that changes could be made if the hack became public!
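The arithmetic behind the question, as an added example that is not part of either post: it computes the exhaustive-search keyspace for the two passwords quoted above and the expected search time at assumed, purely illustrative guess rates. It also reports the longest sequential run, because the keyspace figure is only an upper bound when a password follows a guessable pattern.

```python
import string

# Assumed guess rates in guesses/second; illustrative values, not measurements.
ASSUMED_RATES = {"fast unsalted hash": 1e10, "slow salted KDF": 1e4}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Alphabet size an exhaustive search must cover for this password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password):
    """Number of candidates of exactly this length over that alphabet."""
    return charset_size(password) ** len(password)


def years_to_search_half(password, rate):
    """Expected years to find the password (half the keyspace tried)."""
    return keyspace(password) / 2 / rate / (365 * 24 * 3600)


def sequential_run(password):
    """Longest run of consecutive characters (abc, 123). Pattern-based
    guessing covers such runs long before exhaustive search would."""
    best = run = 1 if password else 0
    for a, b in zip(password, password[1:]):
        run = run + 1 if ord(b) - ord(a) == 1 else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    # The two passwords from the post above.
    for pw in ("!1234567890.Abcdefgh", "!1234567890.Abcdefghi"):
        print(f"{pw!r}: length {len(pw)}, alphabet {charset_size(pw)}, "
              f"keyspace {keyspace(pw):.2e}, "
              f"longest sequential run {sequential_run(pw)}")
        for label, rate in ASSUMED_RATES.items():
            years = years_to_search_half(pw, rate)
            print(f"    {label}: {years:.2e} years")
```
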