How Secure Is Your Password?

Okay…I’m confused as to what you’re saying.

Take a super-common website platform like WordPress. It uses a plain text password, a “salt”, and a hashing algorithm. The encrypted password and the salt are stored in the database. And that database can be picked up and moved from machine to machine, without the passwords becoming invalid.

What’s the hash key that would be unavailable to a password cracker?

A four-number passcode, the previous default length, would take on average about seven minutes to guess. If it’s six digits, it would take on average about 11 hours. Eight digits: 46 days. Ten digits: 12.5 years.

If the passcode uses both numbers and letters, there are far more possible passcodes — and thus cracking it takes much longer. A six-character alphanumeric passcode would take on average 72 years to guess.

iPhone passcodes are even more secure by design! From this linked post on Daring Fireball, How Modern iPhone Encryption Works:

It takes 80 milliseconds for an iPhone to compute each guess. While that may seem small, consider that software can theoretically try thousands of passcodes a second. With the delay, it can try only about 12 a second.
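The estimates quoted above follow from one formula: an attacker trying passcodes in order needs, on average, half the keyspace, multiplied by the cost of each guess. The block below is an added example, not from the thread or the linked article; it assumes the 80 ms per-guess cost quoted above and, for the alphanumeric case, a 62-symbol alphabet (upper, lower, digits), which is the assumption that reproduces the 72-year figure.

```python
# Added example: expected brute-force time for a passcode, given the
# alphabet size, the passcode length and the cost of one guess.
# Inputs other than the 80 ms per guess are constructed for illustration.

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of the given length."""
    return alphabet_size ** length


def average_guess_seconds(alphabet_size: int, length: int,
                          seconds_per_guess: float) -> float:
    """Expected time to hit the right passcode. Assuming the passcode is
    uniformly random, the attacker tries half the keyspace on average."""
    return keyspace(alphabet_size, length) / 2 * seconds_per_guess


def human_duration(seconds: float) -> str:
    """Render a duration in the largest convenient unit, one decimal place."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


IPHONE_SECONDS_PER_GUESS = 0.08  # 80 ms per guess, as quoted in the thread

if __name__ == "__main__":
    # Digits-only passcodes of increasing length at the iPhone's rate.
    for length in (4, 6, 8, 10):
        secs = average_guess_seconds(10, length, IPHONE_SECONDS_PER_GUESS)
        print(f"{length:2d} digits: {human_duration(secs)}")
    # Six case-sensitive alphanumerics: 26 + 26 + 10 = 62 symbols (assumed).
    secs = average_guess_seconds(62, 6, IPHONE_SECONDS_PER_GUESS)
    print(f" 6 alphanumerics: {human_duration(secs)}")
    # The same four digits at 1000 guesses/s, i.e. with no enforced delay:
    # the per-guess cost, not the passcode, is what makes the difference.
    secs = average_guess_seconds(10, 4, 1 / 1000)
    print(f" 4 digits, no delay: {human_duration(secs)}")
```

Running it reproduces the thread's figures (6.7 minutes, 11.1 hours, 46.3 days, 12.7 years, 72.0 years) and shows the undelayed four-digit case falling to a few seconds.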

And (un?)surprisingly effective. I get notifications about this kind of thing relatively frequently, often in the form of username, plaintext password, for users at my workplace. The tendency to reuse passwords or vary them in predictable ways really helps attackers.

That’s the thing - you don’t have to have many successes to make this stuff worth it. Kind of like spammers. Send 100 million emails for fake Viagra or whatever. Get 1% of 1% to click through, and it’s profitable.

And when you can program computers to do most of the work for you, even more so.

People wonder how people have the time and motivation to hack things, and the answer is that a lot of them don’t. The web server I currently admin routinely will get hundreds of requests on (for example) a WordPress website for Joomla / Drupal / other CMS exploitable files. Nobody is actually doing this manually - a computer is doing it automatically. And if it finds something that can be exploited, frequently the hack is done automatically as well.

It’s the dark side of technology automation. :)
