Brute Force Speed Calculator

[Caleb Nelands]

Im using incremental mode (brute force) mode in John the Ripper to crack Linux MD5 passwords. I'm trying to calculate the time it will take to run through all combinations of 12 passwords (with 12 different salts for each password).

I realize there's always the possibility that a password will be cracked early. However, have I calculated that correctly? It will take 7,153.09 days (at the very maximum) to run through all combinations?

However, now I'm going to handwave the math in seconds to demonstrate exponential speed increases which render fractions of days trivial. Besides, a reboot or two would mess that up regardless, not to mention actually using the machine for other things, regular patching, power outages, normal speed variance as other processes run, etc.

Your expected time depends on your assumptions. If you assume you're going to start this exact computer running on all twelve passwords and this version of JtR, and simply leave it there for a couple decades, then yes, that's about right.

If, however, we use House's corollary to Moore's law, i.e. aggregate computing power doubles every 18 months (with password hash cracking being embarrassingly parallel, this is reasonable enough to start with), then we realize that if you just wait 1.5 years, then you'd crack twice as fast, so you'd be done in about one decade instead of about two.

This very basic brute force calculator can be used to get a rough estimate on the amount of time it would take for someone to crack your password when trying every possible combination until it finds a match.

The calculator works according to a very simple formula where it takes the number of possible combinations available for a particular password, and divides that by the number of password attempts that some computer's hardware is capable of executing in a single second. In reality, of course, hackers have more efficient ways to crack your password than by blindly trying every letter/number combination imaginable. Dictionary attacks, for example, are effectively used by checking your hashed password against millions of most commonly used passwords or against passwords obtained from various data breaches. Still, the estimates given by this calculator are useful to see the big picture, and get a sense if your chosen password is strong enough to resist brute force attacks if the service you used that password on was ever hacked.

*Note: number above represents amount of time to exhaust every single combination. Realistically, you should find the password much sooner as you have about 50% chance to encounter correct password after exhausting just 50% of possible combinations, etc. Therefore, it makes sense to slash that number in half to get the expected average case.

All I can provide you with are estimates, based on the fact that Serpent is roughly as fast as DES. Of course the figures I can give you aren't actually brute-force figures but rather how much data can be encrypted per time, but this should give a solid estimate of the required time.

So let's estimate for Serpent with 56 bits. Serpent can get up to 0.16 GB/s on your machine as this is mainly computation bound. 0.16 GB is roughly $2^24$ blocks for DES, meaning you can roughly try $2^24$ keys per second. This means you need $2^56/2^24=2^32$ seconds for this which is equal to 136 years.

I'm sorry but I doubt this is feasible for you.

Note that even the brand-new Intel Core i7 6700K can only do 0.47 GB / s meaning an i7 6700K would also still require roughly 45 years. And to get even more crazy: the Intel Core i7 5960X is the best consumer CPU as of now can only do 0.63 GB / s resulting in 34 years. Now finally consider the currently strongest possible server mainboard running 8x Intel Xeon E7-8890v3 with 18 cores. There's no measured benchmark out there but I assume the performance to scale linearly with the number of cores (75 MB/s per core) and the frequency (62.5 MB/s with E7's freq). This would mean that this board could do 9GB / s of Serpent meaning $2^30$ blocks and thereby $2^26$ seconds being equivalent to 2.12 years (however this board would roughly cost $56k in 2015).

The experimental approach is probably the most useful to estimate crack times on any given hardware. Using JohnTheRipper, you can benchmark a hash algorithm with the --test option. In the latest JohnTheRipper (bleeding-jumbo branch), the DES hash algorithm is called crypt, so:

With 4 threads, I get about a million hashes/second. DES has a key space of $2^56$, but for most real (UNIX) passwords this can probably be assumed to be $95^8$ (for 8 printable ASCII characters). Unfortunately, this is still $95^8 / 1060000 =$ 293 years to exhaust the key space.

Imagine your laptop execute one DES operation in $1 \mu s$, which is very optimistic. Exploring the entire $2^56$ key space would costs $2^56$ operations. This equates to approximately $0,72. 10^17\; \mu sec$. Converting this quantity in hours, days and years, you would need approximately $2. 10^9 $ years.

AlphaGo used 1,920 Central Processing Units (CPU) and 280 Graphics Processing Units (GPU), according to The Economist, and possibly additional proprietary google Tensor Processing Units, for a lot of hardware power, plus brute force statistical analysis software (processing and analyzing lots and lots of data) known as Deep Neural Networks, or more popularly as Deep Learning.

A Brute Force Attack is where software systematically generates rapid-fire input trying to guess the correct value of a password. It is a trial-and-error approach which can be used when decryption would be difficult. It is also known as an "exhaustive key search" because it searches by trying all of the keys.

Imagine a combination lock with three-wheels, each of which can be set to numbers 0 to 9. Ten numbers on three wheels provides 1,000 combinations (10^3). A Brute Force Attack might try "000", "001", "002", "003", and continue until it reached "999" or found the correct combination. If each attempt takes one second, then it will take 16.7 minutes to try all keys.

It is important to note that this is not the same as the actual time required to find the correct key. The key could be the first first guess, or the very last guess, or most likely somewhere in the middle. But calculating the maximum time is useful because it provides a relative measurement of the strength of a key or password.

The possibilities count and key length are the parameters which define the search key space. As these values increase, the time it takes to perform a Brute Force Attack increases, sometimes exponentially.

The time per attempt is a parameter of the mechanism performing the search. For a combination lock, that is how fast can your fingers try each number. For passwords, it is a function of how fast a computer and software can try each password and how fast the software and algorithm responds to an attempt.

Calculations can also be performed faster if a GPU (Graphics Processing Unit) can be used instead of a CPU. GPUs are specialized processors which are designed for calculation speed. They are frequently used in password cracking computers. CPUs can make millions of guesses per second, while GPUs can make billions of guesses per second. Incidentally, one nice feature of bcrypt/Blowfish which does not get much attention is that it uses a lot of RAM, so much RAM that GPU optimizations are useless. The GPU is forced to take time (and take turns) accessing the system RAM so that it becomes no faster than a CPU.

Another important factor is how fast the login system responds to each attempt. In an ideal scenario, password cracking software has the encrypted hash to compare with each of its attempts. This allows it to try millions of guesses per second. A hash like bcrypt has a "cost" parameter which causes the algorithm itself to slow down calculation speeds from millions of guesses to less than 200.

However, if the encrypted hash is not known, then a Brute Force attack must make each attempt through the login software which is much slower. A typical web application which has to query the database will take 0.5-1.5 seconds to respond.

The first defense against a Brute Force attack is to choose a strong encryption algorithm. MD5 and SHA-1 are not recommended because they have collisions and are vulnerable to Rainbow Tables. bcrypt is recommended. It is a solid, well-tested algorithm with few collisions. It is slow and can be made slower by increasing its "cost" parameter, and a GPU will not increase the speed of guesses.

The next defense is to get users to pick strong passwords. Most importantly, you should require that users choose longer passwords. Remember, longer passwords exponentially increase the key space which must be searched. And by all means, never limit password length. Let the user enter a 30 character password if they want. The hash algorithm does not care, it can hash files containing several megabytes of data and still return a hash of the same length. Require that all users pick passwords which include letters, numbers, and symbols. These characters increase the key space which must be searched, and also make Dictionary Attacks less effective. Display a password strength meter which changes as a password gets longer or includes more of the required characters. Educate users in an organization about the importance of choosing strong passwords and not re-using them for other sites.

This calculator is designed to help users understand how many passwords can be created from different combinations of character sets (lowercase only, mixed case, with or without digits and special characters, etc.) and password lengths. The calculator then puts the resulting large numbers (with lots of digits or large powers of ten) into a real world context of the time that would be required (assuming differing search speeds) to exhaustively search every password up through that length, assuming the use of the chosen alphabet.

3a8082e126