zlacker

[parent] [thread] 2 comments
1. foxyv+(OP)[view] [source] 2022-02-08 20:34:50
This depends on the key derivation function used. PBKDF2 or BCrypt with strong enough difficulty factor makes even fairly short passwords difficult to crack. On the other hand, a straight SHA-256 hash method can be broken insanely quick with fairly long passwords.
replies(1): >>grwgre+jm1
2. grwgre+jm1[view] [source] 2022-02-09 06:03:44
>>foxyv+(OP)
>fairly long passwords

how long are we talking?

replies(1): >>foxyv+gV5
◧◩
3. foxyv+gV5[view] [source] [discussion] 2022-02-10 15:01:25
>>grwgre+jm1
I never really did the math before but I whacked something together real quick in Excel. At $0.30/THash BTC we can come up with some cost expectations for password lengths. Here I will use a 74 possible character password using 26 upper and lower case letters, 10 numbers and 12 symbols. Totally random of course. Using (Possible Chars ^ Password Length) as the number of combinations and guessing we will find our answer at about %50 of our guesses. (See! Super rough)

With SHA-256 it takes about $21 to crack a 6 character password.

$1500 to crack 7 characters.

$108,330 to crack 8 characters.

$7.8 million to crack 9 characters.

$561 million to crack 10 characters.

$40 billion to crack 11 characters.

$3 trillion to crack 12 characters.

$200 trillion to crack 13 characters.

Edit Note: BTC is kinda expensive per hash right now. Usually this would all be cheaper. Past 14 characters it could be 1 cent and still outrun the usual US budget for a couple years.

[go to top]