The Password is One Two Three Four Five...

[Rina]

That would be 7.2988 x 10^9 years or 7,298,800,000 years. Incidentally that's the same as the time it'd take to crack my DTF password with the dictionary.

Brute Force: 1.52 Days
Dictionary: 7,298,800,000 years

[rumborak]

I have a very hard time believing that website can give even such an approximate time frame in such a quick response.

rumborak

[bosk1]

I have a very hard time believing that website can give even such an approximate time frame in such a quick response.

rumborak

This.  And I'm also a bit wary of typing some of my more commonly used passwords into a website that I know nothing about, which is why I haven't done it.

[Sir GuitarCozmo]

I don't think any of us needed that website to guess "b0rl@g!s@d00dyhe@d11" as your password.

[bosk1]

Wow.  The fact that you are only one character off is pretty scary.

[Sir GuitarCozmo]

[yorost]

I have a very hard time believing that website can give even such an approximate time frame in such a quick response.

rumborak

This.  And I'm also a bit wary of typing some of my more commonly used passwords into a website that I know nothing about, which is why I haven't done it.

The time frame is all simple calculation, especially since, as stated, the dictionary checked is really small.  It's just based on what character sets you use.  Are you using multiple cases; using both letters numbers, using symbols, etc.  The calculation is not unique to your specific password, "AfG6" should be the same as "55yT".  ...which is also why you don't have to type your own password.  Just keep the case, character classes, and length the same, you should get the same result.

Also, when it says 20 years, it means it would take 20 years using a the appropriate character set to try all combinations.  Even the most complicated password can be broken on the first try by brute force if they start randomly.

[El Barto]

Yeah, I used close approximations of my passwords.  All that matters for accuracy is the size of the keyset and the number of characters. 

And like Yorost said, it's nothing but simple mathematics.  It's as simple as computing 64^96 in my case, then dividing by the number of attempts per year.

[Fiery Winds]

The calculation uses javascript, so none of your information is transferred outside of your computer.  That's also how it can calculate new values as you add them, because your computer is calculating them.  However, since we're talking about extreme security measures, I understand taking extra precautions.