Password Crack Time Comparison
Compare how long it takes to crack different types of passwords using various attack methods. Understand the importance of password length and complexity. Practitioners who need to document testing deltas often pair this tool with DiffMaster to highlight policy changes across assessment reports.
Interactive Comparison
Time to crack with Offline Attack (CPU):
Billions of years
Possible combinations: 475920314814.3T
Complete Comparison Matrix
| Password Type | Online Attack (Rate Limited) | Online Attack (Fast) | Offline Attack (CPU) | Offline Attack (GPU) | Botnet Attack |
|---|---|---|---|---|---|
| 6-char lowercase | 6 months | 2 days | 3 minutes | Instant | Instant |
| 8-char lowercase + numbers | Billions of years | 45 years | 16 days | 2 minutes | 14 seconds |
| 10-char mixed case + numbers | Billions of years | Billions of years | Billions of years | 1 years | 2 months |
| 12-char all types | Billions of years | Billions of years | Billions of years | Billions of years | Billions of years |
| 16-char all types | Billions of years | Billions of years | Billions of years | Billions of years | Billions of years |
| 20-char all types | Billions of years | Billions of years | Billions of years | Billions of years | Billions of years |
| 4-word passphrase | Billions of years | Billions of years | 58 years | 2 days | 5 hours |
Key Takeaways
Length matters more than complexity: A 16-character password with all character types is significantly stronger than a 12-character one.
Passphrases are powerful: A 4-word passphrase from a 7,776-word dictionary provides excellent security while being memorable.
Offline attacks are serious: Once an attacker has your password hash, they can try billions of combinations per second with modern GPUs.
Aim for "years" or more: A good password should take at least several years to crack, even with powerful offline attacks.