> Even 8 a-z characters requires (26^8)/2==104.4 billion attempts to bruteforce on average, which is high
Nu-uh.
Small GPU clusters - 25 in the beneath case - get you 300 billion guesses a second, more than sufficient to guess a 26^8 password in a couple of seconds.
He probably only has one GPU working on the problem, but even at as low as a billion guesses a second, you're going to have the password in way less than a day. It's not unreasonable to think that he'd crack it, especially if he just set a computer to working on it for a couple of weeks or so - and I see no reason he wouldn't.
Also, nesting encrypted containers was/is something people do to hide file names on passworded zips. Which doesn't inspire confidence in the skills of the defender in this case. I see no reason someone would have done so if they'd used decent encryption, like a truecrypt volume.
Nu-uh.
Small GPU clusters - 25 in the beneath case - get you 300 billion guesses a second, more than sufficient to guess a 26^8 password in a couple of seconds.
http://arstechnica.com/security/2012/12/25-gpu-cluster-crack...
He probably only has one GPU working on the problem, but even at as low as a billion guesses a second, you're going to have the password in way less than a day. It's not unreasonable to think that he'd crack it, especially if he just set a computer to working on it for a couple of weeks or so - and I see no reason he wouldn't.
Also, nesting encrypted containers was/is something people do to hide file names on passworded zips. Which doesn't inspire confidence in the skills of the defender in this case. I see no reason someone would have done so if they'd used decent encryption, like a truecrypt volume.