7

To properly assess password strength, I have been trying to research what the fastest known password cracking rig is in hashes per second.

HashCat claims that their software is the world's fastest, and the current version is v6.2.5. I also found a Blog report which claimed that there is a password cracker, which is an 8-GPU rig able to crack an MD5 hashed 8 character password in 4 hours using the brute force method.

I looked into the claim and found that the author was referring to a Sagitta Brutalis 1080 (PN S3480-GTX-1080-2697-128) fitted with 8x Nvidia GTX 1080 Founders Edition graphics cards and using Hashcat v3.00-beta-145-g069634a, plus Nvidia driver 367.18.

Looking at the benchmarks of the rig it can crack a password hashed at

  • MD4 in 350.8 GH/s
  • MD5 in 200.3 GH/s
  • SHA1 in 68771.0 MH/s
  • SHA256 in 23012.1 MH/s

Using these figures, and the helpful answer to How many possible combinations in 8 character password? I put together a PHP calculator.

With a stipulation that the password can be typed with a standard UK keyboard without alt + number combinations, and you use at least

  • 1 uppercase letter,
  • 1 lowercase letter,
  • 1 number, and
  • 1 special character (punctuation or symbol)

An 8 character length password would take:

  • 2 hours, 24 minutes in MD4
  • 4 hours, 12 minutes in MD5
  • 12 hours, 13 minutes in SHA1
  • 1 day, 13 hours in SHA256

Adding just 1 more character increases the time immensely. A 9 character length password would take:

  • 1 week, 4 days in MD4
  • 2 weeks, 5 days in MD5
  • 1 month, 4 weeks in SHA1
  • 5 months, 2 weeks SHA256

Looking at the history of the benchmarks provided, although the page was last active 5 months ago, the benchmarks were put together Jun 6, 2016 and

  • as previously mentioned, HashCat has been updated since then — what speed difference did these updates provide?
  • there are far faster Nvidia GPUs available now (e.g. RTX-3090 is 121% faster) — does that mean I can multiply the GH/s and MH/s speeds by 2.21 at a minimum (dividing the timings by 2.21)?

So, what is the fastest known password cracking rig in hashes per second.

Chris Rogers
  • 275
  • 3
  • 10
  • 3
    I don't have the answer to your question, but note that cryptocurrency mining rigs are basically the same hardware as password hash cracking rigs, running only very slightly different software, and do get significantly faster than 8 GPUs. Plus you can easily parallelize this kind of search across an arbitrary number of systems such as AWS or Azure VMs with GPUs, any one of which will be slower than a dedicated rig but which can divide-and-conquer the problem to nigh-arbitrary levels. – CBHacking Feb 23 '22 at 12:48
  • Hmmm, interesting point @CBHacking - So could I be looking at an impossible to answer question here? – Chris Rogers Feb 23 '22 at 12:51
  • 2
    Also, this way of thinking about the requirement is flawed. If your passwords are actually totally random, then the restrictions actually reduce entropy. However, nobody uses totally random passwords, and they mostly use ordinary words, names, or dates, capitalize the first letter, and use a "1337" substitution or two (in worst case, append a number/symbol, usually 1 or !) to get past the restrictions, so the question of "how long does it take to brute force the entire search space" is irrelevant; the extremely vast majority of passwords are from a pool of less than a million. – CBHacking Feb 23 '22 at 12:52
  • 3
    If you actually want secure passwords, what you need to do is have a length limit, and then ban every password (or at least the million most common ones, but why stop there?) that has ever been exposed in a password breach or similar. Throw in a verifier that normalizes (de-1337-s) text and checks it against a dictionary and names list, while you're at it. Heck, test the password with the last character or two chopped off, as well. "Complexity" rules add basically nothing when everybody gets around them the same way, so you have to actually enforce uniqueness if possible. – CBHacking Feb 23 '22 at 12:57
  • Broadly concur - especially that the endgame is to train users to produce unique passwords (passphrase based when they must be memorized, and stored in a password manager when they don't have to be memorized). But note that unless mining rigs are GPU based (which most mining has grown beyond), repurposing mining rigs doesn't work for password hashing. See my comment on Ajedi32's answer. – Royce Williams Feb 23 '22 at 20:28
  • 1
    [Rainbow tables](https://freerainbowtables.com/) do exist and just keep growing so you're probably better off checking against them first. Are you looking for the fastest possible hash rate or are you interested in password cracking? Those are two distinct topics. Anyways, hardware questions are usually obsolete within a matter of weeks so do you plan to ask again later? – MonkeyZeus Feb 23 '22 at 20:55
  • I'm not a regular here, and not in a position to make positive statements on site rules, but on at least some subset of other Stack Overflow sites questions that are likely to become inaccurate over time (rather than remain correct indefinitely) are frowned on. – Charles Duffy Feb 24 '22 at 13:50
  • This really isn't on topic here. Any point in time answer on this will be obsolete soon after, as compute power continually increases. It also isn't really a question about security. – Rory Alsop Feb 24 '22 at 14:49

1 Answers1

17

It really depends on how you define "cracking rig" and how you define "fastest", but for SHA-256 hashes at least, the Bitcoin mining network recently peaked at around 214 Million Trillion hashes/second (214 EH/s). If you're looking for a worst-case scenario to use for calculating crack times for weak hashes like SHA-256, that's about as bad as it gets.

If repurposed to crack password hashes, the Bitcoin mining network would crack a SHA-256 password hash for a fully random 14-character alphanumeric password in 14 seconds, on average.

In conclusion, don't use fast hashing algorithms for passwords. A dedicated password hashing algorithm like Bcrypt, Scrypt, or Argon2 would be a more appropriate choice.

Ajedi32
  • 4,637
  • 2
  • 26
  • 60
  • 12
    Agreed with your conclusion, and the global Bitcoin hash rate is interesting as a very hypothetical upper bound - but note that Bitcoin ASICs cannot be repurposed for general SHA256 hash cracking, due to their specialized implementation. 'Mining' (searching for any hash that matches certain characteristics) is a significantly different activity from trying to find the plaintext for a *specific* hash. And implementing even orders of magnitude less than the equivalent scale for cracking purposes, even by nation states, would be less cost-effective than just sending someone over to your house. :D – Royce Williams Feb 23 '22 at 20:21
  • 2
    Cracking could be a lot more cost effective then sending someone over to the house if the other house belongs to a state actor of an adversary nation. – laolux Feb 24 '22 at 12:43
  • @RoyceWilliams we don't know the power of three-word agencies. [Yes, the Miners can reach 2^92 in a year](https://crypto.stackexchange.com/a/63537/18298). Still not enough to beat 128-bit key... – kelalaka Feb 24 '22 at 20:04
  • @kelalaka Agreed! While we don't know that power, we can indeed make some broad upper-bound estimates, within a few orders of magnitude, based in part on the constraints of physics (even assuming quantum), and in part on less-expensive analog options. TLAs have budgets, too. :D – Royce Williams Feb 24 '22 at 22:34
  • moral of story use a wide character set ( include the 14 alt chars as in !@#$%^&*()_+-= ) and a very long password ... above linked to calculation displays these parms ... when your password has 36 characters and you use the character set 26 + 10 + 14 instead of 14 seconds to crack when leveraging the entire bitcoin network it takes 3.3999802e+40 seconds as per ((26+10+14)^36/2)/(214*10^18) which is 1.0781266e+33 years – Scott Stensland Mar 11 '22 at 16:14