Password Time-to-Crack Estimation
Learn how password crackers estimate time-to-crack. Understand attack speeds for CPU, GPU, and ASIC hardware, and see how password length and character set affect cracking duration.
Detailed Explanation
How Time-to-Crack Is Estimated
A time-to-crack estimate answers a simple question: given a password's entropy, how long would it take an attacker with specific hardware to try every possible combination? The calculation depends on two factors: the search space (total possible passwords) and the attack speed (guesses per second).
The Formula
Average time = 2^(H-1) / guesses_per_second
Where H is the password entropy in bits. We use 2^(H-1) because, on average, an attacker needs to try half the keyspace before finding the correct password.
Attack Speed by Hardware
Modern password-cracking speeds vary enormously depending on hardware and the hash algorithm protecting the password:
| Hardware | MD5 (fast hash) | bcrypt (cost 12) | Argon2id |
|---|---|---|---|
| Single CPU | ~500M/s | ~5/s | ~1/s |
| Single GPU (RTX 4090) | ~60B/s | ~150/s | ~10/s |
| GPU Cluster (8x 4090) | ~480B/s | ~1,200/s | ~80/s |
| Specialized ASIC | ~1T/s | N/A | N/A |
Time-to-Crack Examples (MD5, Single GPU)
| Password | Entropy | Search Space | Time at 60B/s |
|---|---|---|---|
| 6-char lowercase | 28.2 bits | 3.1 × 10^8 | < 1 second |
| 8-char alphanumeric | 47.6 bits | 2.2 × 10^14 | ~30 minutes |
| 12-char alphanumeric | 71.4 bits | 3.2 × 10^21 | ~850 years |
| 16-char full ASCII | 105.1 bits | 4.4 × 10^31 | ~11 sextillion years |
Why the Hash Algorithm Matters
The hash algorithm used to store the password is just as important as the password itself. Fast hashes like MD5 or SHA-1 allow billions of guesses per second. Slow, memory-hard hashes like bcrypt or Argon2id deliberately limit attack speed, making even shorter passwords far more resistant.
A password with 50 bits of entropy hashed with MD5 might fall in minutes on a GPU. The same password hashed with bcrypt (cost 12) would take decades, because each guess now costs orders of magnitude more computation.
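As an added worked example (not code from the original page), the following Python applies the formula above to the hardware table: it computes entropy, search space and average time-to-crack for the table's password shapes, then reruns a fixed 50-bit password against the MD5, bcrypt and Argon2id rates to show that only the guess rate changes. The charset sizes (26, 62, 95) and the rounding in the duration formatter are assumptions.

```python
import math

# Approximate guesses per second, taken from the hardware table on this page.
RATES = {
    ("cpu", "md5"): 500e6, ("cpu", "bcrypt12"): 5.0, ("cpu", "argon2id"): 1.0,
    ("gpu", "md5"): 60e9, ("gpu", "bcrypt12"): 150.0, ("gpu", "argon2id"): 10.0,
    ("cluster", "md5"): 480e9, ("cluster", "bcrypt12"): 1200.0, ("cluster", "argon2id"): 80.0,
}
CHARSETS = {"lowercase": 26, "alphanumeric": 62, "ascii": 95}  # assumed set sizes
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(length, charset_size):
    """Entropy of a uniformly random password: length * log2(charset size)."""
    return length * math.log2(charset_size)

def search_space(length, charset_size):
    """Total number of candidate passwords, N^L."""
    return charset_size ** length

def average_crack_seconds(bits, guesses_per_second):
    """The page's formula: 2^(H-1) / rate, i.e. half the keyspace on average."""
    return 2.0 ** (bits - 1) / guesses_per_second

def humanize(seconds):
    """Render a duration the way the page's table does (~N units, or < 1 second)."""
    if seconds < 1:
        return "< 1 second"
    for name, size in (("year", SECONDS_PER_YEAR), ("day", 86400),
                       ("hour", 3600), ("minute", 60), ("second", 1)):
        if seconds >= size:
            n = seconds / size
            return f"~{n:,.0f} {name}{'s' if n >= 1.5 else ''}"

def estimate(length, charset, hardware, hash_alg):
    """Return (entropy bits, average seconds) for a password shape and attacker."""
    bits = entropy_bits(length, CHARSETS[charset])
    return bits, average_crack_seconds(bits, RATES[(hardware, hash_alg)])

if __name__ == "__main__":
    for length, cs in ((6, "lowercase"), (8, "alphanumeric"), (12, "alphanumeric"), (16, "ascii")):
        bits, secs = estimate(length, cs, "gpu", "md5")
        print(f"{length}-char {cs:12s} {bits:5.1f} bits  {humanize(secs)} at 60B/s (MD5)")
    # Same 50-bit password, fast vs. slow hash: the rate, not the entropy, changes.
    for alg in ("md5", "bcrypt12", "argon2id"):
        print(f"50 bits, {alg:8s} on one GPU: {humanize(average_crack_seconds(50, RATES[('gpu', alg)]))}")
```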
Limitations of Time-to-Crack Estimates
Time-to-crack assumes pure brute force — trying every combination. Real attackers use smarter strategies:
- Dictionary attacks test common passwords first
- Rule-based attacks apply transformations (capitalize first letter, append digits)
- Credential stuffing reuses passwords leaked from other breaches
These techniques bypass the brute-force model entirely, which is why password uniqueness and breach monitoring matter as much as raw entropy.
Use Case
Time-to-crack estimation helps security teams set minimum password length policies, choose appropriate hash algorithms, and communicate risk to stakeholders. Developers use these estimates to justify bcrypt or Argon2id over faster hashes, and end users see concrete numbers that motivate stronger passwords.