03-03-13, 11:11 PM
I can testify to this as during my final year of University we were assigned to write a program to perform this very task - breaking hashed passwords. Including generating our own Rainbow Tables and using them as well 
Up to 6 characters alphanumeric (ignoring case) would take a fair amount of time to brute force but its easily within a few hours. Increasing it to 8 characters can take days, and longer becomes pointless to ever bother cracking as it takes too long. Dictionary attacks are common and this is why most reasonable sites force you to use both numbers and letters.
This is also why my password for a lot of secure things is 21 characters in length using upper case letters, lower case letters, special characters and numbers with no dictionary words
Up to 6 characters alphanumeric (ignoring case) would take a fair amount of time to brute force but its easily within a few hours. Increasing it to 8 characters can take days, and longer becomes pointless to ever bother cracking as it takes too long. Dictionary attacks are common and this is why most reasonable sites force you to use both numbers and letters.
This is also why my password for a lot of secure things is 21 characters in length using upper case letters, lower case letters, special characters and numbers with no dictionary words
![[Image: 242673.png]](http://badges.fuelly.com/images/smallsig-uk/242673.png)
![[Image: 174802.png]](http://badges.fuelly.com/images/smallsig-uk/174802.png)