Security checks

Password Strength by Time

Enter password length, character set, and attacker speed to see the estimated average brute-force crack time. Adjust the attack speed to compare online rate-limited logins versus offline hash-cracking scenarios. For educational use — to illustrate why length and randomness are your primary defences.

Last reviewed May 14, 2026 by ToolSpilo Editorial Team.

Review method: Reviewed against NIST SP 800-63B and OWASP password storage/authentication guidance. Existing crack-time model preserved; bcrypt timing language softened because speeds vary by implementation and hardware.

Calculator tool

How this calculator works

Use the explanation to understand the formula, assumptions, and practical limits behind the calculator result.

The Brute-Force Model

A brute-force attack tries every possible combination until it finds the correct password. The total search space is:

$S = N^L$

Where:

  • $S$ = total number of possible passwords
  • $N$ = character set size (distinct characters the attacker considers)
  • $L$ = password length

The average crack time assumes the attacker finds the password halfway through the search space:

$T = \frac{S \times p}{G}$

Where:

  • $T$ = average crack time in seconds
  • $p$ = fraction of search space checked (typically 50% for average)
  • $G$ = attacker guesses per second

Attack Speed by Scenario

The most important variable is $G$ — which depends entirely on the attack scenario:

| Scenario | Attack speed | Example |
| --- | --- | --- |
| Online login (no rate limit) | ~100/sec | Web form without lockout |
| Online login (rate limited) | ~10/sec | Enforced 1-second delays |
| Offline MD5 hash | ~$10^{10}$/sec | Single modern GPU |
| Offline SHA-256 | ~$10^9$/sec | Single modern GPU |
| Offline bcrypt (cost 12) | ~$10^4$/sec | Same GPU — 100,000× slower |
| Distributed GPU farm | ~$10^{14}$/sec | Nation-state or criminal org |

bcrypt (and Argon2, scrypt) are designed to be slow. A 1-second bcrypt verification with 1 GPU allows only ~1,000 guesses per second. The same password behind MD5 takes microseconds per guess — making bcrypt cost 12 vs MD5 a 6-order-of-magnitude difference in real attack resistance.

Worked Example

Password: 10 characters, letters + numbers + symbols ($N = 94$)

Attack speed: $10^{10}$ guesses/sec (offline MD5)

$S = 94^{10} \approx 5.39 \times 10^{19}$

$T = \frac{5.39 \times 10^{19} \times 0.5}{10^{10}} \approx 2.7 \times 10^9 \text{ seconds} \approx 85 \text{ years}$

Same password against online rate-limited login ($G = 10$/sec):

$T \approx \frac{5.39 \times 10^{19} \times 0.5}{10} \approx 2.7 \times 10^{18} \text{ seconds}$

The same 10-character password becomes uncrackable in practice against a rate-limited form — not because the password is stronger, but because the attack speed dropped by 9 orders of magnitude.

Length vs Complexity: The Real Impact

Same character set ($N = 94$), different lengths, MD5 offline:

| Length | Search space | Crack time @ $10^{10}$/sec |
| --- | --- | --- |
| 8 | $6.1 \times 10^{15}$ | ~3.5 days |
| 10 | $5.4 \times 10^{19}$ | ~85 years |
| 12 | $4.8 \times 10^{23}$ | ~750,000 years |
| 14 | $4.2 \times 10^{27}$ | ~13 billion years |

Each additional character multiplies the search space by $N = 94$. Adding 2 characters changes crack time from days to centuries.
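The model above, the worked example and the length table can be reproduced with a short script. This is an added example, not the calculator's own code: it implements $S = N^L$ and $T = S \times p / G$ with the attack speeds from the scenario table, and adds an `entropy_bits` helper (the same quantity as $\log_2 S$) so the figures in the FAQ can be checked against the same model. Function names and the `CHARSETS` sizes are assumptions made for the example.

```python
import math

# Added example, not the calculator's own code: the page's brute-force model
# S = N^L and T = S * p / G, with the page's scenario speeds plugged in.

# Attacker guesses per second, taken from the page's "Attack Speed by Scenario" table.
ATTACK_SPEEDS = {
    "Online login (rate limited)": 1e1,
    "Online login (no rate limit)": 1e2,
    "Offline bcrypt (cost 12)": 1e4,
    "Offline SHA-256": 1e9,
    "Offline MD5 hash": 1e10,
    "Distributed GPU farm": 1e14,
}

# Character-set sizes (assumed); 94 is the page's "letters + numbers + symbols" set.
CHARSETS = {"lowercase": 26, "mixed case": 52, "alphanumeric": 62, "full printable": 94}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def search_space(n: int, length: int) -> int:
    """S = N^L: every password of exactly `length` characters drawn from `n` symbols."""
    return n ** length


def average_crack_seconds(n: int, length: int, guesses_per_second: float,
                          fraction: float = 0.5) -> float:
    """T = S * p / G. p = 0.5 models finding the password halfway through the space."""
    return search_space(n, length) * fraction / guesses_per_second


def entropy_bits(n: int, length: int) -> float:
    """log2(S) = L * log2(N): the same search space expressed as bits of entropy."""
    return length * math.log2(n)


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits, e.g. '85.3 years'."""
    for name, size in (("years", SECONDS_PER_YEAR), ("days", 86400.0),
                       ("hours", 3600.0), ("minutes", 60.0)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3g} seconds"


def scenario_table(n: int, length: int) -> dict:
    """Crack time for one password shape under every attack speed on the page."""
    return {name: average_crack_seconds(n, length, g) for name, g in ATTACK_SPEEDS.items()}


def length_table(n: int, guesses_per_second: float, lengths=(8, 10, 12, 14)) -> dict:
    """Crack time as length grows; each extra character multiplies T by N."""
    return {L: average_crack_seconds(n, L, guesses_per_second) for L in lengths}


if __name__ == "__main__":
    n, length = CHARSETS["full printable"], 10
    print(f"S = {search_space(n, length):.3e}, {entropy_bits(n, length):.1f} bits")
    for name, seconds in scenario_table(n, length).items():
        print(f"{name:30s} {humanize(seconds)}")
    print("Length vs crack time at 1e10 guesses/sec:")
    for L, seconds in length_table(n, 1e10).items():
        print(f"  {L:2d} chars: {humanize(seconds)}")
```

Running it reproduces the page's figures: 10 printable characters take about 85 years at the offline MD5 rate and about $2.7 \times 10^{18}$ seconds at 10 guesses/sec, and each two extra characters multiply the time by $94^2 = 8836$.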

What This Calculator Does Not Capture

Dictionary attacks — real attacks start with wordlists and rule sets before brute-forcing. Password1! has theoretical crack time of centuries but falls in seconds to a dictionary attack.

Credential stuffing — if the password appeared in a breach, it is instantly cracked regardless of entropy.

Salt — proper salting prevents precomputed rainbow table attacks. Unsalted MD5 hashes can be cracked using lookup tables with near-zero computation.
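The three caveats above are why the calculator's number is an upper bound. The following added example (not the calculator's own code) makes that concrete from a defender's point of view: it computes the page's brute-force estimate for a candidate such as Password1!, then runs the two checks the model skips, a breach list (credential stuffing) and a small rule-based dictionary, and reports which one would actually find the password and after how many guesses. The breach list, wordlist and suffix rules are constructed stand-ins for real corpora, and the charset inference (26+26+10+32 = 94) mirrors what a calculator credits.

```python
# Added example, not the calculator's own code: why the brute-force estimate is an
# upper bound. The breach list, wordlist and mangling rules below are constructed
# for illustration and stand in for the real corpora attacks start from.

BREACHED_PASSWORDS = {"123456", "qwerty", "letmein"}   # constructed breach corpus
WORDLIST = ["password", "welcome", "summer", "dragon"]  # constructed dictionary
SUFFIXES = ("1", "123", "!", "1!")                      # constructed rule set

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def inferred_charset_size(password: str) -> int:
    """Charset size a calculator would credit: 26+26+10+32 = 94 for the full set."""
    n = 0
    if any(c.islower() for c in password):
        n += 26
    if any(c.isupper() for c in password):
        n += 26
    if any(c.isdigit() for c in password):
        n += 10
    if any(not c.isalnum() for c in password):
        n += 32
    return n


def brute_force_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """The page's T = N^L * 0.5 / G, at the offline MD5 rate by default."""
    return inferred_charset_size(password) ** len(password) * 0.5 / guesses_per_second


def mangle(word: str):
    """Yield a base word and a few common rule transformations (capitalise, suffixes)."""
    for base in (word, word.capitalize()):
        yield base
    for base in (word, word.capitalize()):
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_guesses(password: str, wordlist=WORDLIST):
    """Guesses a rule-based dictionary run needs to hit the password, or None."""
    count = 0
    for word in wordlist:
        for candidate in mangle(word):
            count += 1
            if candidate == password:
                return count
    return None


def assess(password: str, guesses_per_second: float = 1e10) -> dict:
    """Compare the calculator's estimate with the checks it does not model."""
    years = brute_force_seconds(password, guesses_per_second) / SECONDS_PER_YEAR
    result = {"brute_force_years": years}
    if password in BREACHED_PASSWORDS:
        # Credential stuffing: the password is simply replayed, no guessing at all.
        result.update(verdict="breached", guesses=0)
        return result
    found_after = dictionary_guesses(password)
    if found_after is not None:
        result.update(verdict="dictionary", guesses=found_after)
    else:
        result.update(verdict="no finding", guesses=None)
    return result


if __name__ == "__main__":
    for pw in ("Password1!", "qwerty", "xK9#mQ2vT!"):
        r = assess(pw)
        print(f"{pw:12s} brute-force estimate {r['brute_force_years']:,.0f} years; "
              f"{r['verdict']} after {r['guesses']} guesses")
```

Password1! scores about 85 years by the formula yet is the tenth candidate the tiny rule set produces, and qwerty needs no guessing at all. This is the reason NIST SP 800-63B asks verifiers to screen new passwords against known-breached lists rather than rely on complexity rules or entropy estimates alone.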

Frequently asked questions

Should I enter my real password?

No. Never enter a real password into any online tool. Test a pattern of the same length and character types instead — for example, if your actual password is 14 characters with mixed case and symbols, enter any 14-character combination to model the structure without exposing the actual credential.

Why is bcrypt so much slower to crack than MD5?

MD5 and SHA-256 are general-purpose hash functions designed to be fast. bcrypt is a password hashing function deliberately designed with a cost parameter that makes each password check slower.

The exact speed depends on hardware, implementation, cost setting, and whether the attacker is testing online or offline. The practical lesson is stable: fast hashes make large guessing campaigns much easier, while password hashing functions such as bcrypt, Argon2id, or scrypt are designed to raise the cost of each guess.

For password storage, follow current security guidance and avoid storing passwords as unsalted MD5, SHA-1, or plain SHA-256 hashes.

What attack speed should I use for my scenario?

Use the attack speed that matches your threat model:

  • Online accounts with rate limiting: 10–100 guesses/sec. Most accounts have lockout policies — this represents the highest realistic online threat.
  • Offline MD5/SHA-1: $10^9$–$10^{10}$/sec — realistic if the hash database was leaked and hashes are unsalted.
  • Offline bcrypt (cost 10–12): $10^3$–$10^4$/sec — the standard for properly secured password databases.
  • Large-scale GPU clusters: up to $10^{14}$/sec for fast hashes — applicable for high-value targets under sophisticated attack.

Why does entropy matter more than complexity rules?

Mandatory complexity rules (uppercase + number + symbol) were popularised by an early NIST guideline that was later retracted. The reason: predictable patterns are not entropy. Humans who must include a capital letter and symbol reliably produce Capital1! or P@ssw0rd — patterns that appear in every modern password dictionary.

NIST SP 800-63B (current guidance) recommends length over complexity rules. A randomly generated 16-character password with only lowercase provides $\approx 75$ bits of entropy — enough to resist any realistic offline attack. The unpredictability is what matters, not the character type distribution.