Uncategorized

766 Trillion Years 20 char EviPass: Code like a randomly generated

Posted on by FMTAD


Résumé express — 766 trillion years to find randomly generated 20-character code

⮞ Summary

This express digest takes ≈ 3–4 minutes. It summarizes the simulation that estimates how long a brute-force attempt would take to find a random 20-character password built from printable ASCII symbols.

⚡ The Discovery

Using Bob Beeman’s Password Strength Calculator (default parameters, 60–109 billion attempts/sec), a random 20-character password drawn from 94 symbols requires approximately 766,076,000,000,000,000 years (~766 trillion years) to be found by brute force.

✦ Immediate Impact

  • Demonstrates practical infeasibility of brute force against long, full-ASCII random passwords.
  • Shows how specialized GPU clusters (e.g. Radeon City) change the practical attack surface for fast hash algorithms.
  • Frames EviPass-generated codes as effectively resistant to brute-force when combined with HSM/NFC protections.

⚠ Strategic Message

Randomness + length + secure storage (HSM/NFC) are decisive. Short, human-memorable passwords remain fragile; hardware-anchored secrets and slow, salted algorithms are required for resilient protection.

⎔ Sovereign Countermeasure

Prefer hardware-managed secrets (EviPass / EviTag / EviCard), offline HSM anchoring, and slow key-derivation functions (bcrypt/PBKDF2/Argon2) to mitigate brute-force risk.

Got two more minutes? Jump to the Advanced Summary for figures, attack-models and a technical comparison with Radeon City and ANSSI’s estimator.

Reading Parameters

Express summary reading time: ≈ 4 minutes
Advanced summary reading time: ≈ 6 minutes
Full chronicle reading time: ≈ 36 minutes
Last updated: 2025-10-02
Complexity level: Advanced / Expert
Technical density: ≈ 73%
Languages: CAT · EN · ES · FR
Linguistic specificity: Sovereign lexicon — high technical density
Accessibility: Screen-reader optimized — semantic anchors included
Editorial type: Strategic Chronicle — Digital Security ·Technical News· Quantum Computing · Cyberculture
About the author: Jacques Gascuel, inventor and founder of Freemindtronic®, embedded cybersecurity and post-quantum cryptography expert.
A pioneer of sovereign solutions based on NFC and hardware encryption, his work focuses on system resilience against quantum threats and multi-factor authentication without cloud dependency.

Editorial Note — This chronicle is living:
it will evolve with new attacks, standards, and technical demonstrations related to quantum computing.
Check back regularly.

Résumé avancé — Simulation, Radeon City & cost of brute force

⮞ Summary

Numbers, reference machines and economic scale: what 766 trillion years means in practice.

Why we used Bob Beeman’s simulator

We used the Password Strength Calculator by Bob Beeman (last updated January 4, 2013) available on www.bee-man.us. The code is public and transparent, allowing parameter control (attempts/sec, symbol set, length).

Radeon City: reference attacker

⮞ Summary

Radeon City (Jeremi Gosney / Stricture Consulting) used five servers with AMD Radeon HD7970 GPUs to reach ~350 billion NTLM guesses/sec in 2012 — a practical baseline for fast algorithms.

Simulation parameters & formula

We applied the common brute-force formula: a^b / (c * 2), where “a” = possible symbols (94), “b” = password length (20), and “c” = hash computations/sec. With a 50% chance benchmark (divide by 2) and default Beeman values (60–109 billion/sec), the result is ~766,076,000,000,000,000 years.

Financial implications

Using Gosney’s reference machine cost (~$30,000 in 2012 for the Radeon cluster at scale), extrapolating to achieve brute force capabilities to invert such a password within feasible time would require astronomical investment — the article estimates nearly $25 billion to reach parity with the simulation’s target workload, a figure compared to global military spending references.

Beyond brute force

This analysis focuses strictly on brute force. Other countermeasures (physical blockchain anchoring, jamming, HSM protections) further increase attack cost and complexity — topics to be addressed in follow-ups.

Key Insights

  • Full-ASCII 20-char random passwords are effectively uncrackable by brute force with current public GPU technology.
  • Fast hash algorithms (NTLM, MD5, SHA1) massively reduce brute-force cost; prefer slow, salted KDFs.
  • Hardware anchoring (NFC HSM / EviPass family) materially increases attack complexity and cost.


766 trillion years to find randomly generated 20-character code

766 trillion years to find randomly generated 20-character code is the result of a simulator to find a 20-character generated by technology EviPass. The age of the universe is estimated at only 14 billion years, this gives you an idea of comparison.

Discovery & Context

⮞ Summary

We ran Bob Beeman’s Password Strength Calculator with default parameters (60–109 billion attempts/sec) and a 94-symbol alphabet for a 20-character random string. The computed time to find the password by brute force is ~766 trillion years.

How did I find this result that you can control on your own?

We used the Password Strength Calculator developed by Bob Beeman [1] which was last updated on January 4, 2013. This simulator is freely available on the www.bee-man.us website as well as the source code used.

Why We Chose Bob Beeman’s Simulator

In our quest to estimate the time it would take to crack a random 20-character code, we had several simulation tools at our disposal, including lastbit.com [2], password-checker.online-domain-tools.com [3], and ANSSI’s [4] simulator from ssi.gouv.fr. However, we ultimately opted for Mr. Bob BEEMAN’s simulator due to its transparent calculation method and its technical approach to brute force attacks.

Acknowledging Mr. Bob BEEMAN

Before delving into the details of our simulation, we must extend our gratitude to Mr. Bob BEEMAN for making his code freely accessible and copyable while upholding his copyrights, as explained on his website. We hope our research can contribute to his already impressive achievements, including a record-breaking 15-millisecond feat.

Reference to Ultra-Powerful Computers

To provide you with a comprehensive understanding of the state-of-the-art technology for brute force attacks in 2013, we examined Bob Beeman’s simulator’s reference to an ultra-powerful computer designed in 2012 specifically for password cracking.

Considering Computational Capacity

Bob Beeman’s simulator takes into account the computational capabilities of computers, including the 2012 design, for executing brute force attacks on passwords. It allows for adjustments in the “Values of Hacker: Axes/Second,” providing a valuable point of reference and comparison.

Staying with Default Parameters

For the sake of consistency, we maintained the default example provided by Bob Beeman, which assumed a rate of 60-109 (billion) attempts per second.

Radeon City: Revolutionizing Password Security

Jeremi Gosney, the visionary behind Radeon City and the CEO of Stricture Consulting Group, sought to create a powerhouse capable of cracking passwords with unprecedented speed and efficiency. His solution? Virtual OpenCL (VCL), a groundbreaking virtualization software. Gosney assembled five servers, each armed with five AMD Radeon HD7970 graphics cards, interconnected through VCL. The cluster, aptly named Radeon City, was born at a cost of approximately $30,000 in 2012.

Radeon City Specifications

server filled with 25 AMD Radeon HD 7970 GPUs

Here’s a snapshot of Radeon City’s technical specifications:

  • Servers: 5
  • Graphics Cards: 25 AMD Radeon GPUs
  • Model: AMD Radeon HD7970
  • Memory: 3 GB GDDR5
  • Clock Speed: 925 MHz
  • Compute Units: 32
  • Stream Processors: 2048
  • Peak Performance: 3.79 TFLOPS
  • Virtualization Software: Virtual OpenCL (VCL)
  • Password-Cracking Software: ocl-Hashcat Plus
  • Cost: $30,000 (2012)

This powerhouse enables Radeon City to achieve unprecedented speeds in password cracking, making it a game-changer in the realm of data security.

Advantages & Disadvantages of Radeon City

⮞ Summary

A high-throughput GPU cluster is powerful and flexible, yet costly and demanding to operate.

Advantages

  1. Power: can attack both fast and, to a degree, slow algorithms with extensive rules and wordlists.
  2. Flexibility: supports many attack modes (brute-force, dictionary, combinator, hybrid).
  3. Innovation: virtualization (VCL) overcame hardware limits in 2012.

Disadvantages

  1. Cost: build & operation are expensive (electricity, cooling).
  2. Noise & Cooling: requires specialized environment.
  3. Ethics: legal/ethical concerns about use.

Simulation Parameters and Results

To calculate the estimated time required to find a 20-character code with 94 symbols, we used the formula:

a^b / (c * 2)

Where:

  • “a” represents the number of possible characters,
  • “b” denotes the number of characters in the password,
  • “c” indicates the number of hash calculations achievable per second.

By selecting 94 symbols, a password length of 20 characters, and a 50% probability of success compared to the theoretical result, our simulation yielded an astonishing result: 766.076,000,000,000,000 years or 766 trillion [5] years.

Understanding the Financial Implications

This simulation approach not only provides insights into the time required but also sheds light on the financial investments necessary to establish a computer system capable of cracking such a password.

Consider this: The reference computer, as configured by Gosney, relies on a pool of 25 virtual AMD GPUs to crack even robust passwords. Yet, a single unit of this type, priced at approximately $30,000 in 2012, can generate just 348 billion hashes of NTLM passwords per second. To achieve results within the realm of 766 trillion years, one would need to acquire multiple such machines.

Hence, to decipher only a 20-character password generated with EviPass technology, residing within an EviTag NFC HSM or EviCard NFC HSM device, an investment of nearly $25 billion would be required. A remarkable comparison, given that global military expenses were estimated at 1.7 billion dollars [6].

Beyond Brute Force

It’s important to note that this test focused solely on brute force attacks without taking into account the activation and utilization of additional countermeasures, such as physical blockchain and jamming, which will be explored in future articles.

ANSSI’s Simulator — a point of reference

⮞ Summary

ANSSI’s online simulator (ssi.gouv.fr) limits inputs to 20 characters and 90 symbols and returns a maximum score of 130, comparable to a 128-bit AES key. Our generator uses 95 printable ASCII symbols and 20 chars, exceeding ANSSI’s standard presets.

Diverse Password Generation Options

Our password creation options offer versatility. Users can either select passwords from the pool of 95 available characters, opt for a semi-automatic generation followed by modification, or automate the process entirely according to default criteria, allowing passwords of up to 20 characters.

Adaptability to Website Constraints

For websites that impose restrictions on symbols or character limits, users can customize their password generation preferences, choosing between identifiers, letters, and/or numbers, with or without symbols.

Hexadecimal Generator for Added Utility

We’ve also introduced a hexadecimal generator to facilitate programming of digital codes. This feature proves invaluable in various domains, including electronics, electromechanics, and maintenance services, enabling the creation and modification of digital access codes with ease. Furthermore, codes can be securely shared with building residents through functions like “scrambling” or encryption via a QR Code, all made possible by EviCore technologies from Freemindtronic.

Forming Your Own Opinion

The aim of this article is to empower you to form your own assessment of the resilience of our password generators against brute force attacks. While we are not the sole providers of powerful password generators, our test stands as a benchmark against other comparable implementations.

Ensuring Ongoing Security

Our embedded password generator undergoes regular updates to maintain its complexity and withstand the evolving landscape of brute force attacks. Our commitment is to enhance security without compromising user convenience—a complex yet vital undertaking.

Cas d’usage souverain — EviPass & Freemindtronic

⮞ Cas d’usage souverain | Résilience avec Freemindtronic
Storing long random passwords inside an NFC HSM device (EviTag / EviCard) managed by the Freemindtronic app reduces attack surface: secrets never transit the DOM, access is hardware-gated and audit trails are preserved.

References & links

Strategic Outlook

The brute-force infeasibility demonstrated here strengthens the case for combining cryptographic best practices (KDFs, salts), hardware anchoring (HSM/NFC), and user-friendly password managers (EviPass). Future research will compare operational attack chains, side-channels and hybrid attacks to refine protective doctrines.

What We Didn’t Cover

⧉ What We Didn’t Cover
This article focuses on brute force estimates. Physical countermeasures (blockchain anchoring, jamming), side-channel attacks, and full operational attack chains are for future work.
[/ux_text] [/col] [/row]

Weak Signals — Emerging Threats

  • AI-assisted brute-force optimizations could reduce entropy exploration, though current gains remain marginal vs 20-char ASCII codes.
  • Quantum computing acceleration for hash inversion (beyond Shor’s factoring) remains theoretical but under exploration.
  • Specialized ASICs for password cracking may alter economics but not exponential scales.

Glossary

  • ASCII — American Standard Code for Information Interchange; 95 printable characters used for passwords.
  • Brute force — Exhaustive testing of all possible combinations to guess a secret.
  • GPU cluster — Array of graphics processors used for parallel computation in password cracking.
  • HSM — Hardware Security Module; secure enclave for managing secrets like cryptographic keys.

FAQ

Why is a 20-character ASCII password unbreakable?

Because the keyspace (94^20 possibilities) is astronomically large. Even with modern GPU clusters, brute force would take ~766 trillion years.

What makes Radeon City significant?

It set a benchmark in 2012 by reaching 350 billion NTLM guesses/sec, showing how GPU parallelism changed brute-force feasibility for short passwords.

Is ANSSI’s simulator still relevant?

Yes, as a reference point. However, it caps inputs at 20 chars / 90 symbols, while Freemindtronic generators use 20 chars / 95 symbols, exceeding its scope.


FMTAD

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.