Password Hash Crack Time Estimator
Guide
Estimate how long it would take a real-world attacker to brute-force a password protected by a specific hashing algorithm. The estimator pairs Hashcat-grade hash rates with the keyspace of your chosen password composition, then reports a crack time across four attacker tiers: a budget GPU, a single RTX 4090, a professional eight-GPU cluster, and a nation-state-scale botnet of one thousand H100 accelerators.
Unlike generic strength meters, this tool understands that not all hashes are created equal. A twelve-character password protected by MD5 falls in seconds; the same password behind Argon2id with sensible parameters can resist nation-state resources for centuries. Choosing the algorithm and its cost parameters is often more important than adding more characters.
How to Use
- Pick the hashing algorithm your application uses to store passwords.
- If it is a key-derivation function, set its cost parameters. For bcrypt this is the cost factor; for scrypt, the N parameter; for Argon2id, memory in megabytes and the iteration count; for PBKDF2, the iteration count.
- Enter the length of the password you want to evaluate and choose the character set it draws from.
- Read the crack-time row for the attacker tier you care about. The recommendation banner uses the professional cluster tier as a realistic ceiling for a motivated offline attacker.
- Iterate on the algorithm, cost, length, or charset until the verdict turns green for the threat model you are defending against.
Features
- Eight algorithms — MD5, SHA-1, SHA-256, SHA-512, bcrypt, scrypt, Argon2id, and PBKDF2-HMAC-SHA256, including their salted, memory-hard, and iteration-cost variants.
- Four attacker tiers — Budget GPU, single RTX 4090, professional eight-GPU cluster, and a nation-state-scale fleet of H100s, each calibrated against published Hashcat 6.x benchmarks.
- Cost-aware KDF scaling — bcrypt cost factor, scrypt N, Argon2id memory and time, and PBKDF2 iterations all rescale the per-tier hash rate, so changing a parameter immediately shifts the verdict.
- Logarithmic math — Handles long passwords and large keyspaces without overflowing, so a thirty-two-character symbol password still produces meaningful numbers rather than infinity.
- Color-coded verdicts — From “cracked instantly” through “excellent”, each row earns a verdict pill that matches its time bucket, plus an overall recommendation pegged to the professional cluster tier.
- Six character sets — Digits-only PINs through the full ninety-four-character ASCII printable space, with the character count shown next to each option so it is clear what you are buying with extra diversity.
FAQ
- What is a hash rate and why does it vary so much between algorithms?
Hash rate is the number of guesses per second a piece of hardware can test against a target hash. Fast, unsalted designs like MD5 and SHA-256 are essentially single passes through a compression function, so a modern GPU can execute tens of billions per second. Key-derivation functions such as bcrypt, scrypt, and Argon2id deliberately make each guess expensive in CPU cycles, memory, or both, which collapses the rate by six to nine orders of magnitude. That gap is the whole point of using a KDF for password storage.
- Why do memory-hard functions like scrypt and Argon2id resist GPUs better than PBKDF2?
PBKDF2 simply repeats an HMAC many times, which parallelizes cleanly across the thousands of small cores on a GPU. Memory-hard designs force every guess to touch a large, random working set in RAM, which exposes the limited memory bandwidth and on-chip cache of GPU cores. The result is that custom ASIC or GPU attacks lose most of their advantage, and the cost of brute-forcing scales with how much silicon area the attacker is willing to buy.
- How does the bcrypt cost factor translate to real time?
The bcrypt cost factor is an exponent: a cost of N runs two-to-the-N rounds of the Blowfish key setup. Increasing the cost by one therefore doubles both the time to compute a legitimate login and the time an attacker spends per guess. The defender absorbs a few extra milliseconds per authentication; the attacker absorbs the same doubling across the entire keyspace, which is why nudging cost from ten to twelve is one of the cheapest security wins available.
- What is the difference between worst-case and average brute-force time?
Worst case is the time to exhaust the entire keyspace, which is only relevant if the attacker is required to find every possible password. The expected, or average, time is half of that, because on average the correct guess sits in the middle of a uniformly random search order. This estimator reports the average case, which is the figure most often used in cryptographic threat modelling.
- Do these estimates account for dictionaries, rainbow tables, and credential leaks?
No, the estimates assume the password is drawn uniformly at random from the chosen character set. Real attackers start with leaked password lists, common substitutions, and targeted dictionaries, which collapse the effective keyspace for human-chosen passwords. The numbers here represent an upper bound on attacker effort against a fully random password and a lower bound on the value of using a slow KDF, salting, and rate-limiting at the application layer.
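The arithmetic this guide describes, as an added example that is not the tool's own code: average-case crack time computed in log space, with the bcrypt cost factor rescaling the hash rate. The hash rates and the reference cost are constructed placeholders, not Hashcat benchmark figures, and all function names are hypothetical.

```python
import math

# Constructed guesses-per-second figures for illustration only. They are NOT
# Hashcat benchmark results; substitute rates measured on your own hardware.
ASSUMED_FAST_HASH_RATE = 1e10    # hypothetical fast unsalted hash, one GPU
ASSUMED_BCRYPT_REF_RATE = 1e5    # hypothetical bcrypt rate at the reference cost
ASSUMED_BCRYPT_REF_COST = 5      # cost at which that rate is assumed measured

UNITS = [("years", 31_557_600), ("days", 86_400), ("hours", 3_600),
         ("minutes", 60), ("seconds", 1)]

def bcrypt_rate(cost, ref_rate=ASSUMED_BCRYPT_REF_RATE,
                ref_cost=ASSUMED_BCRYPT_REF_COST):
    """Each +1 in cost doubles the work per guess, so the rate halves."""
    return ref_rate / 2 ** (cost - ref_cost)

def log10_avg_seconds(length, charset_size, rate):
    """log10 of the average-case time: (charset_size ** length / 2) / rate."""
    if length < 1 or charset_size < 2 or rate <= 0:
        raise ValueError("need length >= 1, charset_size >= 2, rate > 0")
    return length * math.log10(charset_size) - math.log10(2) - math.log10(rate)

def humanize(log10_seconds):
    """Render log10(seconds) without ever building the huge number itself."""
    if log10_seconds < 0:
        return "under a second"
    # Largest unit that fits; "seconds" always fits once the value is >= 0.
    name, size = next(u for u in UNITS if log10_seconds >= math.log10(u[1]))
    log_units = log10_seconds - math.log10(size)
    if log_units >= 6:               # too long to print digit by digit
        return f"10^{log_units:.1f} {name}"
    return f"{10 ** log_units:,.1f} {name}"

if __name__ == "__main__":
    rows = [("fast hash (assumed rate)", ASSUMED_FAST_HASH_RATE),
            ("bcrypt cost 10", bcrypt_rate(10)),
            ("bcrypt cost 12", bcrypt_rate(12))]
    # Same random 8-character password over a 36-symbol set, three algorithms.
    for label, rate in rows:
        print(f"{label:26s}{humanize(log10_avg_seconds(8, 36, rate))}")
    # The 32-character, 94-symbol case from the feature list stays finite.
    print("32 chars, 94 symbols:     ",
          humanize(log10_avg_seconds(32, 94, ASSUMED_FAST_HASH_RATE)))
```

Replacing the assumed rates with measured ones is the only change needed to reuse the functions for another algorithm or attacker tier.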
