The PKZip manual has a handy little table to explain password "hacking" time
for a brute force attack on their encryption key method of protecting a ZIP
file, at the rate of 10,000 keys attempted per second. This does not take
into account the expected value, dividing by two per Gavin and Wirt, and
would be pretty tricky to pull of on a console. Of course, for MPE, case
does not matter, so starting with the 26*36^chars-1 calculation, what I came
up with is in the last column, provided for comparison's sake to the others
at the difficult rate of 10,000 attempts per second. I found it interesting
to compare just 26 chars with MPE standards of allowing numerics after the
first char. Good argument for long passwords with at least one
non-alphanumeric. I wonder if a future version of SECURITY / 3000 (or even
MPE or HP Security Monitor) will allow longer passwords than eight chars?

key  26 chars  96 chars      256 chars          26*36^(chars-1)
len  (a-z)     (typable)     (all ASCII)        (MPE contruct)
3    2 secs    1 min         27 min             3.37 secs
4    1 min     2.35 hrs      4 days             2.02 min
5    19 min    9 days        3 yrs              1.21 hrs
6    8.6 hrs   2 yrs         891 yrs            43.67 hrs
7    9 days    238 yrs       2,283 Cs           65.51 days
8    241 days  228 Cs        584,546 Cs         6.46 yrs
9    17 yrs    21,945 Cs     149,643,989 Cs     2.33 Cs
10   447 yrs   2,106,744 Cs  38,308,861,211 Cs  83.73 Cs