Yesterday I asked about limiting the attempt to enter the password as a way to protect an encrypted file, which is a feature of the GlarySoft program, and Bernhard Reiter gave me the answer that After the attacker gets the files on the disk, no application can limit the more attempts, the attacker can simply run multiple instances. I just wanted to know if this tool to limit password attempts would be useless, because even with this feature it would still be possible to execute a dictionary attack or brute force?
as I don’t know what the Glarysoft program does, I cannot evaluate it.
The principle holds though: once an attacker gets hold of the (encrypted) private key material on disk, it will be able to run attempts as fast as its machines allow.
(Again: A strong key derivation function will make this take more time.)