⏱️ Crack Time Estimator

Last updated: March 29, 2026

See how long modern GPUs and botnets take to brute-force your password. Processed entirely in your browser — nothing is sent anywhere.

How this works: Brute-force time = (charset size ^ length) ÷ 2 ÷ attack rate. Hash rates are based on real-world benchmarks: RTX 4090 peaks at ~164 GH/s for MD5, ~350 GH/s for NTLM, ~22 GH/s for SHA-256, and ~184 KH/s for bcrypt (cost 5). Nation-state botnet estimates assume ~1 TH/s sustained throughput across distributed hardware. Online attack rates assume no rate-limiting bypass. Actual crack time may vary if dictionary/rule attacks or leaked password lists are used — those can be dramatically faster for common passwords.

What Crack Time Estimates Actually Reveal About Password Security

A password strength meter that tells you your password is "strong" because it has a capital letter, a number, and an exclamation mark is measuring the wrong thing. What actually matters is how long it takes an adversary with real hardware to exhaust every possible combination of characters your password could contain. That number — the brute-force crack time — is the only honest measurement of password resistance, and it varies by orders of magnitude depending on who is attacking you and how they are doing it.

The Keyspace Is Everything

Every password brute-force calculation starts with the same formula: charset size raised to the power of password length. If your password uses only lowercase letters (26 characters) and is eight characters long, the total number of possible combinations is 26^8, or roughly 208 billion. If you add uppercase letters (now 52 characters), that same eight-character password expands to 52^8, or about 53 trillion possibilities. Add digits and common symbols to reach a charset of 95 characters and that eight-character password now has 95^8, roughly 6.6 quadrillion combinations.

This exponential relationship is why length matters far more than complexity. A 12-character lowercase-only password (26^12 = 95 quadrillion combinations) already outpaces an eight-character all-character password. A 20-character passphrase using only lowercase letters generates a keyspace so large — 26^20 equals roughly 19.9 octillion — that even the fastest cracking hardware would need millions of years to exhaust it through brute force.

What Modern Hardware Can Actually Do

The crack times that matter are not theoretical — they are grounded in published benchmark data from GPU cracking tools like Hashcat running on consumer hardware. A single Nvidia RTX 4090, available to anyone for roughly $1,600, achieves the following sustained hash rates against common algorithms:

  • MD5: approximately 164 gigahashes per second (164 billion attempts per second)
  • NTLM (used by Windows Active Directory): approximately 350 gigahashes per second
  • SHA-256: approximately 22 gigahashes per second
  • bcrypt at cost factor 5: approximately 184 kilohashes per second — three to six orders of magnitude slower
  • Argon2id (modern key derivation): even slower, often below 10 kilohashes per second

These numbers are not estimates. They come from Hashcat's published benchmark suite and have been replicated by independent security researchers. The practical implication: if a website stores your password as an unsalted MD5 hash and its database is stolen, an attacker with a single gaming GPU can attempt 164 billion guesses every second against your hash. An eight-character password using all character types falls in roughly 11 hours under that attack. A nine-character equivalent takes about 43 days. Add one more character and you are at 11 years — which is why "just add one character" advice has some grounding in reality, even though switching to a slow hash would be far more effective.
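The formula from the top of the page applied to the rates listed above, as an added example (not the estimator's own source): the keyspace is computed exactly with BigInt, the average-case ÷2 convention is applied, and the scenario labels are my own.

```javascript
// Added example, not the estimator's own source. Average-case brute-force
// time using the page's formula: charset^length / 2 / rate (hashes per second).
// Scenario names are my own labels; the rates are the figures quoted above.
const ATTACK_RATES = {
  "online, rate-limited (100/s)": 100,
  "RTX 4090, MD5": 164e9,
  "RTX 4090, NTLM": 350e9,
  "RTX 4090, SHA-256": 22e9,
  "RTX 4090, bcrypt cost 5": 184e3,
  "nation-state botnet, MD5": 1e12,
};

// Exact keyspace: charset^length as a BigInt, so 95^20 does not lose digits.
function keyspace(charsetSize, length) {
  return BigInt(charsetSize) ** BigInt(length);
}

// Average-case seconds: an attacker searches half the keyspace on average.
function averageCrackSeconds(charsetSize, length, hashesPerSecond) {
  return Number(keyspace(charsetSize, length)) / 2 / hashesPerSecond;
}

// Render seconds as a short "5.62 hours" style string (3 significant figures).
function humanize(seconds) {
  const units = [["years", 31557600], ["days", 86400], ["hours", 3600], ["minutes", 60], ["seconds", 1]];
  for (const [name, size] of units) {
    if (seconds >= size) return `${Number((seconds / size).toPrecision(3))} ${name}`;
  }
  return "under a second";
}

// One row per scenario for a given charset size and password length.
function scenarioTable(charsetSize, length) {
  const rows = {};
  for (const [scenario, rate] of Object.entries(ATTACK_RATES)) {
    rows[scenario] = humanize(averageCrackSeconds(charsetSize, length, rate));
  }
  return rows;
}

console.log(`95^8 = ${keyspace(95, 8)} combinations`);
console.table(scenarioTable(95, 8));
```

Because the ÷2 is applied, the eight-character all-charset row comes out at half the full-keyspace figure; swapping the MD5 rate for the bcrypt rate in the same row moves the result from hours to centuries.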

The Attack Scenario Gap Is Enormous

One of the most important things crack time analysis reveals is the colossal gap between attack scenarios. Consider a 10-character password using mixed case and digits. Against a rate-limited login form that allows 100 attempts per second, the same password might take over 2 billion years. Against an offline MD5 hash with a single RTX 4090, it falls in about four days. The difference is not the password — it is what the attacker has access to.

Online attacks are bottlenecked by network latency, server processing time, and anti-automation controls. Even an unprotected login endpoint rarely exceeds 10,000 requests per second before server infrastructure fails. A properly implemented system with CAPTCHA, account lockout, and exponential backoff drops that to tens or hundreds. This is why online account takeover almost never uses brute force — attackers instead rely on credential stuffing (using leaked username/password pairs from other breaches) or phishing.

Offline attacks change everything. Once an attacker obtains a copy of your hashed password — through a database breach, a stolen backup, or extraction from local storage — there are no server-side controls. The only thing slowing them down is the algorithm your password was hashed with and their available hardware. Websites that use bcrypt, scrypt, or Argon2 with appropriate work factors force even well-resourced attackers to spend orders of magnitude more time per guess. Websites that use MD5, SHA-1, or raw SHA-256 without a proper key derivation function offer essentially no offline protection for anything below 12 characters.

Nation-State and Botnet Threat Models

Academic and security community discussions of nation-state adversaries typically center on sustained cracking capability in the range of 1 terahash per second for fast algorithms like MD5 or NTLM. This is achievable through rented cloud GPU clusters, purpose-built FPGA arrays, or large distributed botnets of compromised machines. At 1 TH/s, a 10-character alphanumeric password (62-character charset, 62^10 ≈ 839 trillion combinations) has an average crack time of under 7 minutes. The same password with symbols added (95-character charset) extends that to roughly 3 days — still achievable in an automated, targeted attack.

The asymmetry here is important: nation-state adversaries generally do not brute-force random members of the public. They target specific individuals or systems. If you are in that threat model, the practical answer is not a slightly longer password — it is a hardware security key, end-to-end encrypted communication, and minimal digital footprint. But for the vast majority of users facing opportunistic attackers and credential-stuffing bots, the offline GPU scenario is the realistic threat to plan against.

Why Entropy Bits Is the Right Unit

Password entropy in bits is calculated as log2(charset^length), or equivalently, length × log2(charset). It represents how many binary choices an attacker must make to guess your password in the worst case. A password with 40 bits of entropy requires 2^40 (about 1 trillion) guesses; one with 80 bits requires 2^80 (about 1.2 × 10^24) guesses. Each additional bit of entropy doubles the required guesses, which is why the relationship between entropy and crack time is exponential.

Security researchers generally regard 72 bits of entropy as sufficient for most threat models when the password is hashed with a modern slow algorithm. Against offline MD5 attacks, you need considerably more — around 90 to 100 bits — to push crack time beyond a human lifetime even for well-resourced attackers. A randomly generated 16-character password using all printable ASCII characters achieves roughly 105 bits. A six-word Diceware passphrase (drawn from a 7,776-word list) reaches approximately 77 bits and is significantly easier to remember.

What Crack Time Estimators Cannot Tell You

Brute-force crack time estimates assume a fully random password. Real attackers rarely brute-force randomly — they use wordlists, rule-based mutations, and Markov-chain models trained on billions of leaked passwords. The word "Password1!" scores as a 10-character, mixed-charset password with about 65 bits of theoretical entropy. In practice it appears in the top 10,000 entries of every major leaked password database and would fall to a dictionary attack in milliseconds. Crack time is a ceiling, not a floor. A weak-looking password generated by a cryptographic random number generator will always outlast a complex-looking but predictable one. Use a password manager to generate and store truly random passwords, treat the brute-force estimate as a best case, and always prioritize using hashing algorithms like bcrypt or Argon2 over speed-optimized alternatives when you control the server side.
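An added example (not the estimator's own code) covering the entropy calculation above and this wordlist caveat: it infers the charset from the character classes a password actually uses, computes length × log2(charset) and Diceware passphrase bits, and treats a constructed five-entry common-password list as the realistic guess count when the password appears on it.

```javascript
// Added example, not the estimator's own code. Infers the charset from the
// character classes a password actually uses, converts it to entropy bits
// (length * log2(charset)), and applies the caveat above: a password on a
// leaked-password list is found at its list position, not after half the keyspace.
const CHARSET_CLASSES = [
  { name: "lowercase", size: 26, re: /[a-z]/ },
  { name: "uppercase", size: 26, re: /[A-Z]/ },
  { name: "digits", size: 10, re: /[0-9]/ },
  { name: "symbols", size: 33, re: /[^A-Za-z0-9]/ }, // printable ASCII symbols and space
];

// Constructed stand-in for a leaked-password wordlist, most common first.
// Real lists run to billions of entries; this one exists only to show the logic.
const COMMON_PASSWORDS = ["123456", "password", "qwerty", "Password1", "Password1!"];

// Size of the smallest standard charset that contains every character used.
function charsetSize(password) {
  return CHARSET_CLASSES.filter((c) => c.re.test(password)).reduce((n, c) => n + c.size, 0);
}

// Theoretical entropy: what a brute-force estimator credits the password with.
function entropyBits(password) {
  return password.length * Math.log2(charsetSize(password));
}

// Diceware: each uniformly random word adds log2(listSize) bits, whatever its length.
function passphraseBits(wordCount, listSize = 7776) {
  return wordCount * Math.log2(listSize);
}

// Guesses a realistic attacker needs: wordlist rank if listed, else half the keyspace.
function expectedGuesses(password) {
  const rank = COMMON_PASSWORDS.indexOf(password);
  if (rank >= 0) return rank + 1;
  return Math.pow(charsetSize(password), password.length) / 2;
}

function assess(password) {
  return {
    charset: charsetSize(password),
    bits: Math.round(entropyBits(password) * 10) / 10,
    onWordlist: COMMON_PASSWORDS.includes(password),
    expectedGuesses: expectedGuesses(password),
  };
}

console.log(assess("Password1!"));        // 65.7 theoretical bits, but only 5 guesses
console.log(assess("x7#Kq2!mV9@pL4$w"));  // 105.1 bits, about 2.2e31 guesses
console.log(`6 Diceware words: ${passphraseBits(6).toFixed(1)} bits`);
```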

FAQ

Why does the same password crack instantly offline but take years online?
Online attacks are constrained by network speed, server response time, and anti-bot controls — even an unprotected login endpoint caps out around 10,000 attempts per second. Offline attacks, where an attacker has already stolen your hashed password from a database breach, are limited only by raw hardware. A single RTX 4090 GPU can attempt 164 billion MD5 hashes per second with no server involvement whatsoever. The gap between the two scenarios can be 10 million times or more.
Does adding symbols make a password much harder to crack?
Adding symbols expands the charset from 62 characters (letters + digits) to about 95, which multiplies the total combinations by roughly (95/62)^length. For a 10-character password that is about a 6x improvement — meaningful but not transformative. Length increases are more powerful: going from 10 to 12 characters with the same charset multiplies the keyspace by 95^2 = 9,025. The practical recommendation is: use all character types AND a length of at least 14-16 characters for passwords that protect sensitive accounts.
What makes bcrypt so much harder to crack than MD5?
MD5 was designed to be fast — originally for checksumming files, not protecting secrets. A modern GPU can compute MD5 hashes at hundreds of billions per second. Bcrypt was specifically designed to be computationally expensive and includes a cost factor that can be increased as hardware gets faster. At cost factor 5, a single RTX 4090 achieves only about 184,000 bcrypt hashes per second — roughly one million times slower than MD5. This means a password that falls to an MD5 offline attack in one hour would require roughly one million hours (over 100 years) if stored with bcrypt.
Is a long passphrase of common words actually secure?
It depends on how many words and how they were chosen. A five-word passphrase chosen truly randomly from the 7,776-word Diceware list has about 64 bits of entropy (7776^5 combinations). A six-word Diceware passphrase reaches 77 bits, which is strong against most realistic offline attacks. The critical word is 'randomly' — if you choose words yourself, humans are predictable and attackers use word-combination wordlists. A passphrase like 'correct horse battery staple' became infamous after its use in an XKCD comic; it is now in every major wordlist.
Can a nation-state crack any password eventually?
With unlimited time, yes — brute force will always succeed eventually. But 'eventually' might mean the lifetime of the universe. A 20-character random password with full ASCII charset has about 131 bits of entropy. Even at 1 terahash per second against MD5 (a generous assumption for sustained botnet capability), exhausting half the keyspace would take roughly 2 × 10^19 years — about 1.5 billion times the age of the universe. Nation-states attacking password-protected content in practice use other methods: malware, insiders, legal compulsion, or exploiting software vulnerabilities, not brute force against strong passwords.
Why does the tool assume average case (half the keyspace) rather than worst case?
In a random brute-force search, each guess has an equal probability of finding the correct password. Statistically, the attacker will find it after searching on average half the keyspace before hitting the right answer — some guesses will be lucky (found early), some unlucky (found near the end), but the average is the midpoint. Using the full keyspace (worst case) would represent the scenario where your password happens to be the very last one guessed, which is as unlikely as being the first. Half the keyspace is the standard convention in cryptographic strength analysis.