Hello Robert and Fred,
I’m afraid the password requirements are not going to help with a brute force attack, at least not much. The easy summar is, at least 8 characters, and “sufficiently” complex.
What we actually do is more advanced. It has to be at least 8 characters. First we filter out the 1000 most common passwords when judging the strength (so “Password1234” is equivalent to no password at all). Then we calculate the “entropy” in bits of the password. Simply put, we do this by attempting to compress the password, and count the resulting bits, and then we have a lower threshold in bits where we won’t accept it.
If you actually think you almost know the password, let’s say you’d just need at most a million guesses, then it’s feasible if you have a good computer and some time. We have a simple tool to assist you in this case. Please contact support att axcrypt dott net if you need this tool.