"The only certain way for a hacker to find a correct password is to try every possibility until he gets lucky -- a process called bruteforcing. A one-, two- or three-character password can be bruteforced quite quickly, but as the password length increases, the chances of successfully bruteforcing a password become vanishingly small. The time required to have a reasonable chance of bruteforcing a 15-character password can be measured in billions of years.
"Medusa is described as a "speedy, massively parallel, modular, login brute-forcer" with modules available to support almost any service that allows remote authentication using a password, including: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, POP3, PostgreSQL, SMTP-AUTH, Telnet and VNC. Medusa has been designed to run faster than Hydra by using thread-based (rather than Hydra's process-based) parallel testing to attempt to log in to multiple hosts or users concurrently."
