How insecure is my short password really?

Solution 1:

If the attacker can gain access to the password hash, it is often very easy to brute force, since it simply entails hashing passwords until the hashes match.

The hash "strength" is dependent on how the password is stored. An MD5 hash might take less time to generate than a SHA-512 hash.

Windows used to (and may still, I don't know) store passwords in an LM hash format, which uppercased the password and split it into two 7-character chunks which were then hashed. If you had a 15-character password, it wouldn't matter because it only stored the first 14 characters, and it was easy to brute force because you weren't brute forcing a 14-character password, you were brute forcing two 7-character passwords.

If you feel the need, download a program such as John the Ripper or Cain & Abel (links withheld) and test it.

I recall being able to generate 200,000 hashes a second for an LM hash. Depending on how TrueCrypt stores the hash, and if it can be retrieved from a locked volume, it could take more or less time.

Brute force attacks are often used when the attacker has a large number of hashes to go through. After running through a common dictionary, they will often start weeding passwords out with common brute force attacks: numbered passwords up to ten, extended alpha and numeric, alphanumeric and common symbols, alphanumeric and extended symbols. Depending on the goal of the attack, it can lead to varying success rates. Attempting to compromise the security of one account in particular is often not the goal.
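
The effect of the LM-style split described in Solution 1, as an added example that is not part of the original answer: it compares the worst-case search for the whole password with the search for two independent 7-character chunks, at the 200,000 hashes per second quoted above. The function names and the character-class model of the search space are assumptions made for the illustration.

```python
import string

# Assumption: the search space is sized from the character classes present.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def alphabet_size(text):
    """Sum the sizes of the character classes that appear in text."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in text))


def keyspace(alphabet, length):
    """Number of candidates of every length from 1 to `length`."""
    return sum(alphabet ** n for n in range(1, length + 1))


def lm_chunks(password):
    """Model from Solution 1's description: uppercase the password,
    keep the first 14 characters, split into two 7-character chunks."""
    p = password.upper()[:14]
    return p[:7], p[7:]


def worst_case_seconds(password, rate=200_000):
    """Return (whole_password_seconds, split_seconds) at `rate` guesses/s."""
    whole = keyspace(alphabet_size(password), len(password)) / rate
    chunks = [c for c in lm_chunks(password) if c]
    # Uppercasing removes the lowercase class from the alphabet.
    alphabet = alphabet_size("".join(chunks))
    # Chunks are searched independently, so their costs add, not multiply.
    split = sum(keyspace(alphabet, len(c)) for c in chunks) / rate
    return whole, split


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for pw in ("Passw0rd!Secure", "correcthorse", "abc"):
        whole, split = worst_case_seconds(pw)
        years = 365 * 24 * 3600
        print(f"{pw!r}: chunks={lm_chunks(pw)} "
              f"whole={whole / years:.3g} years, split={split / years:.3g} years")
```
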

Solution 2:

You can use this online tool for an estimate: http://lastbit.com/pswcalc.asp

Solution 3:

EDIT: Others have given good answers for the part of your question regarding "How easy is it to crack such a password by brute-force? I.e. how fast"

To address this part of your question:

Also, is there some software to brute-force hack TrueCrypt, because I want to try to brute-force crack my own password to see how long it takes if it is really that "very easy".

Here are a variety of options for brute-forcing TrueCrypt

Here's another one from Princeton University.