An Ottawa judge told the Crown Prosecution Service to return a suspect's mobile phones after prosecutors failed to unlock them after trying 175 million passwords:
The police seized the phones in October 2022 with a warrant obtained based on information about a Google account user uploading images of child pornography. The contents of the three phones were all protected by complex, alpha-numeric passcodes.
Ontario Superior Court Justice Ian Carter heard that police investigators tried about 175 million passcodes in an effort to break into the phones during the past year.
The problem, the judge was told, is that more than 44 nonillion potential passcodes exist for each phone.
To be more precise, the judge said, there are 44,012,666,865,176,569,775,543,212,890,625 potential alpha-numeric passcodes for each phone.
In his ruling, Carter said the court had to balance the property rights of an individual against the state’s legitimate interest in preserving evidence in an investigation. The phones, he said, have no evidentiary value unless the police succeed in finding the right passcodes.
The article helpfully describes how dictionary attacks work, but doesn't attempt to figure out how long it would take to brute-force them. (I'm not going to attempt that, either, but I expect it's a while.)