Thank you "undeath" and "Mem5" for your helpful comments.
Let's take the 1070 speed of 345,600,000 hashes per day. So that's (unless I'm totally misunderstanding this) 345,600,000 times each day, that Hashcat checks the hash of the wallet.dat file and compares it to the hash of each line of the wordlist. Correct?
If I'm correct, then a wordlist of 1,000,000,000 lines, would take around 3 days to check. Presumably, then, the security of a wallet.dat that got lost / hacked / illicitly copied, would derive from the password not being in the wordlist considering one can check one billion words in 3 days. Is that the right assumption (sorry again for the naive questions)?
At the same time, if we imagine random passwords of eight digits upper case, lower case, and numbers, we have 62 characters (a-zA-Z0-9). An example might be: u8LG0vw2. So, for eight characters, am I correct that we have 62^8 (62 options for each of 8 characters) = 218,340,105,584,896 potential words?
If we 218,340,105,584,896 / 345,600,000 then, to attack every word in the list, we would need 631,771 days. If we took the 10*2080 (no doubt very expensive to rent), we do 218,340,105,584,896 / 9,927,360,000 and we would need 21,993 days to attack every word in the list. Even assuming we only needed 50% of the words to crack the hash, that's still 10,997 days. And that's why it's virtually impossible to crack random strings. And, of course, that's only eight characters and I didn't include symbols.
Does this make sense? Thanks again!
Let's take the 1070 speed of 345,600,000 hashes per day. So that's (unless I'm totally misunderstanding this) 345,600,000 times each day, that Hashcat checks the hash of the wallet.dat file and compares it to the hash of each line of the wordlist. Correct?
If I'm correct, then a wordlist of 1,000,000,000 lines, would take around 3 days to check. Presumably, then, the security of a wallet.dat that got lost / hacked / illicitly copied, would derive from the password not being in the wordlist considering one can check one billion words in 3 days. Is that the right assumption (sorry again for the naive questions)?
At the same time, if we imagine random passwords of eight digits upper case, lower case, and numbers, we have 62 characters (a-zA-Z0-9). An example might be: u8LG0vw2. So, for eight characters, am I correct that we have 62^8 (62 options for each of 8 characters) = 218,340,105,584,896 potential words?
If we 218,340,105,584,896 / 345,600,000 then, to attack every word in the list, we would need 631,771 days. If we took the 10*2080 (no doubt very expensive to rent), we do 218,340,105,584,896 / 9,927,360,000 and we would need 21,993 days to attack every word in the list. Even assuming we only needed 50% of the words to crack the hash, that's still 10,997 days. And that's why it's virtually impossible to crack random strings. And, of course, that's only eight characters and I didn't include symbols.
Does this make sense? Thanks again!