You aren't going to brute force a random 6 character password, there are simply too many combinations.
I have myself successfully brute-forced thousands of six character and longer passwords, using John the Ripper on a multicore PC. One 6 character password typically takes under a minute. I'd be surprised if a completely random 6 character password with all four character types would take an hour. Feel free to post the Unix or Windows hash of a 6 character random password, and I'll be glad to take a (forgive me) crack at it.
Six character passwords are too short.
It's worth stating again that I only crack passwords with written authorization from my customers.
Like I said, IGNORING THE SYSTEM. You're talking about a specific program that is cracking a password file. Not to mention, a program like that requires access to the machine in the first place, which would probably make it a pointless endeavor to recover passwords, you already have access to the data.
We could go on all day about specific circumstances where this works, and that doesn't. In the end, it doesn't help at all because most people will tend to form the opinion that it doesn't matter and they will keep using weak passwords.
You want a specific example where a 6 character password will work? Try and crack 256 (try 128 for that matter) bit AES where the key was hashed from a 6 character password. Never going to happen.
In the end, if you want true data security, authentication to prevent access to the system is not the answer. Encryption is the only thing that will prevent access to your data, and even that depends on the implementation of the algorithm itself (plenty of examples of encryption software with holes).
Previous Topic
Index
