It’s pretty easy to calculate. x^y
X= numbers of possible characters (like: abc, 123, !@#, etc) to the power of Y; the number of positions in your password.
The way we were taught was to start simple.
A coin has 2 sides, x=2, so 1 flip = 2^1 = 2 choices, Heads or Tails.
2 flips = 2^2 = 4 choices (if position matters, like in a password):
both heads , both tails, heads/tails, & tails/heads. And so on, adding more flips.
Assuming only English (eg: no accented/non-english letters) and only common symbols, that reduces the “possible characters” set to 94 (52 upper and lower case letters, 10 numbers, 32 symbols)
94^8 = ~6.1x10^15
94 ^9 = ~5.72x10^16
94^10 = ~5.38x10^19
If it could be 8, 9 or 10 char, then we add the above for: 54,434,506,211,718,586,880. Which is a lot of passwords to try. (that’s ~1700 years @ 1billion per second; 1000x faster than the original calc in prev post) You might get lucky and its #5, or it could be the 5th one from the last.
That’s one reason we use strong passwords to lock the vault and app, instead of 6 digit pins.
It’s a headache in a scenario like this, but also assures a scammer would have a rough time breaking in, even if they managed to steal your vault file somehow.
“Dictionary attacks” reduce the number of possible choices by testing against more likely combos (If you know your password wasnt “AAAAAAAA” or “abcd12345” or another random string, you dont have to check those.) Could use an existing list, or just qualifiers like “i know the password contained this word, numbers, etc” (eg: bruteforce only combos that contain the known parts of the password)
The more you know about your password, the more likely you can successfully crack it. (by way of reducing the possiblilities) Unfortunately, I’m not familiar enough with the process to be able to give advice on how to actually solve it.
Getting help from a white-hat hacker is an option that some people have used in this situation, but word of warning, you will basically be giving them access to your wallet (if they are successful), and have to trust that they will give it back. We don’t have recommendations for white-hats to contact for that service.