Well, that may be true however, someone with the knowledge to do a brute force checker wouldn't need the info on this post anyway... and, if you're that worries that someone is going to brute force the password in your logs, you should probably choose a more complicated password (with only 8 characters you generally have a good enough protection anyway).
And as for brute forcing 30 million passwords a second: that's absolutely impossible to do with the crypto api, the access is just way too slow. Brute forcing the average 400,000 billion possibilities of an average 8 characters passwords would take months, if not years. Taking Winzip as an example is just using the one software that's using one of the poorest protections ever
.
/ 
![[Image: signature2.gif]](http://www.patchou.com/perso/signature2.gif)
