Yes, it is possible, which is why password complexity is very important.
If someone uses a regular word, phrase, name, or something else that is in the dictionary, these programs will discover the password quickly. Since we began working on BestCrypt, we have strongly recommended using password strings that are as random as possible. A 20-letter English phrase, instead of having 20 x 8 = 160 bits of randomness, has only about 20 x 2 = 40 bits (8 bytes) of randomness. For example, the word "jtBL1@cpheR!*>" is not an English word or phrase and its randomness is much higher than in the passphrase "In God We Trust".
If your password consists of random characters, a length of about 30 characters would be so secure that intruders will not be able to determine your password. More practically, passwords of 12-15 random characters are very strong.
Refer to the article for recommendations on how to create and remember a good password: ‘Open Sesame!’ – Is Your Password So Easy To Guess?
BestCrypt includes the following features to protect users from brute-force and dictionary attacks:
- Keyfiles. Keyfiles are set during container creation or when adding a new password. Users may choose one or several Keyfiles to secure the container. BestCrypt processes their contents and generates a hash that is added to the encryption key. To mount a container encrypted with Keyfiles, users need to provide the correct password as well as the set of Keyfiles. Attackers cannot identify whether Keyfiles were used to encrypt the container or not. Brute-forcing passwords plus Keyfiles will take significantly longer. Moreover, if Keyfiles are not stored locally, it will be nearly impossible to succeed with brute-force attacks.
- Backup/Wipe Key Block. BestCrypt allows users to create a backup copy of a container's header and to remove (wipe) the original header from the container file. The copy must be stored in a safe place, such as on a removable device. Without the header, it is absolutely impossible to access data inside the container, because the header stores the encryption key for the data. Password-guessing programs are not able to attack such 'headless' containers.
- New hash algorithms. BestCrypt features a number of today’s most secure hash algorithms: Whirlpool-512, SHA-512, Skein-512 and SHA3-512.
- Iterations. When creating a container, open Advanced view in the Enter Password dialog. You will see the 'Iterations' edit box. It allows users to set a custom number of hash-function iterations used to generate encryption keys from passwords. The bigger this value, the longer each password-guessing attempt takes, which increases password security against brute-force attacks significantly.
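
The randomness estimate and the Iterations setting described above combine into a rough work-factor calculation. The following is an added example, not BestCrypt code: PBKDF2-HMAC-SHA512 stands in for the product's key derivation, which this page does not specify, and the salt, guess string and worker count are constructed values.

```python
import hashlib
import math
import string
import time

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
YEAR = 365.25 * 24 * 3600

def random_password_bits(password: str) -> float:
    """Upper bound: holds only if each character was picked uniformly at
    random from the character classes that appear in the password."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)

def english_phrase_bits(letters: int, bits_per_letter: float = 2.0) -> float:
    """The page's estimate of about 2 bits of randomness per English letter."""
    return letters * bits_per_letter

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Iterated hashing with SHA-512. PBKDF2 is a stand-in (assumption),
    not BestCrypt's documented key-derivation scheme."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt,
                               iterations, dklen=32)

def seconds_per_guess(iterations: int) -> float:
    """Measure what one password attempt costs on this machine."""
    start = time.perf_counter()
    derive_key("constructed guess", b"constructed-salt", iterations)
    return time.perf_counter() - start

def years_to_search(bits: float, guess_seconds: float, workers: int = 1) -> float:
    """Expected time to try half of a 2**bits search space."""
    return 2 ** (bits - 1) * guess_seconds / workers / YEAR

if __name__ == "__main__":
    candidates = {"20-letter English phrase": english_phrase_bits(20),
                  "jtBL1@cpheR!*>": random_password_bits("jtBL1@cpheR!*>")}
    for iterations in (1, 200_000):
        cost = seconds_per_guess(iterations)
        for label, bits in candidates.items():
            # workers=1000 is a constructed figure for a parallel attacker
            years = years_to_search(bits, cost, workers=1000)
            print(f"{iterations:>7} iterations, {label} "
                  f"({bits:.0f} bits): {years:.3g} years")
```

Raising the iteration count multiplies the search time by a constant factor, while each extra bit of password randomness doubles it, so iterations complement a random password rather than replace one.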