5 byte passwords cant be cracked

[Gomar]

using A-Z, a-z, 0-9, and Winzip's 256-Bit encryption.
1 character password has 62 possible combinations. It should take a pw cracker 1/2sec to crack.
2 - 3906 - 32secs
3 - 242234 - 34m
4 - 15018570 - 1d10hr
5 - 931151402 - 3 years, 5 months[assuming pw length is unknown, and the pw is the last combination tried]

Adding symbols & space, character set length = 95,
min.pw length=1, max pw length = 4, pw will have 82,317,120 possible combinations. It should take 63days12hrs to crack a Winrar file encrypted with it.
Thus, what's the point of above a 4 character pw?

From Winzip's help file: "In fact, taking maximum advantage of the full strength of AES encryption requires a password of approximately 32 characters for 128-bit encryption and 64 characters for 256-bit encryption."
Certainly, no one can memorize 32 random characters, if using caps, symbols, spaces, etc.

256-bits takes twice as long to crack as 128-Bits. Strangely, using same 2 character pw:winrar - 128-bit - 3m
winzip - 256-bit - 20secs
Winrar's encryption algorithm[eventhough it is 128-bit] is stronger than Winzip's[256-bit].

NIST recommends 80-bits for the most secure passwords, which can nearly be achieved with a 95-character choice (e.g., the original ASCII character set) with a 12-character random password (12 x 6.5 bits = 78).

On a single computer, using brute force, 500,000 passwords per second: length of the password: 8,
character set: all printable ASCII characters(95), 4463 years to crack.

[tony_j15]

...

[vass0922]

sounds like a cut and paste spam

[Gomar]

sounds like a cut and paste spam

No, it's a legit question. However, this editor messes up my formatting.

[no1_vern]

IF the password was truly random, you would be right. The problem is people DONT use random characters. Almost everyone uses common words/combinations that are easily guessed, or are at the beginning of certain sequences.

3 examples (I worked for 2 of them, and I was proving to my neighbor he needed to do better) - I once worked at a church where the secretaries' password was "Jesus"(It took me 3 tries - God, Father, Jesus, the next 2 would have been Holy, and Bible), When I did temp work for some companies about a decade ago, an admin thought he was brilliant because he used the password "sex god" it took me 18 tries while talking to him, in his office to get the password. My next door neighbor thought he had a TOUGH password for his wireless net - it took me less than 4 minutes to get into his network because he retired from being an Arbys manager(his was 1rbys) dead simple and like my 10th try. IF you havent figured it out yet - many people are stupid when it comes to security. Most assume hidden = inaccessible!

There are "most common passwords" lists for a reason - 99% of the people cant stay away from them.