Are Your Passwords in the Green in 2022?
Looking for our latest Password Table?
Click the button!
It’s here! The 2022 update to our Hive Systems Password Table that’s been shared across the internet, social media, the news, and organizations worldwide. So what’s new, and what’s our methodology behind it? Keep reading! Or check out our video review of our 2022 update to the table!
Looking at Passwords in 2022
It’s been two years since we first shared our (now famous) password table. So it was about time we not only updated it for 2022 but we wanted to walk you through our methodology. While the data fits nicely into the table above, things aren’t as as simple as it shows. So we’ll walk you through our data, our assumptions, and oh, you’re going to see a LOT of variations of the password table above!
“So how'd you make the table"?”
In 2020, we shared a colorful table that took the internet by storm. It showed the relative strength of a password against a brute force cracking attempt, based on the password’s length and complexity. The data was based on how long it would take a consumer-budget hacker to crack your password hash using a desktop computer with a top-tier graphics card. Two years later – quite a long period of time in processing power improvement terms – we’re long overdue for an update.
First, let’s get some key terms out of the way. We’re going to talk about hashing. In the context of passwords, a “hash” is a scrambled version of text that is reproducible if you know what hash software was used. In other words, if I hash the word “password” using MD5 hashing software, the output hash is 5f4dcc3b5aa765d61d8327deb882cf99. Now if you hash the word “password” using MD5 hashing software, you’ll also get 5f4dcc3b5aa765d61d8327deb882cf99! We both secretly know the word “password” is our secret code, but anyone else watching us just sees 5f4dcc3b5aa765d61d8327deb882cf99. For this reason, the passwords you use on websites are stored in servers as hashes instead of in plain text like “password” so that if someone views them, in theory they won’t know the actual password.
You can’t do the reverse. A hash digest like 5f4dcc3b5aa765d61d8327deb882cf99 can’t be reverse computed to produce the word “password” that was used to make it. This one-way approach for hashing functions is by design. So how do hackers who steal hashes from websites ultimately end up with a list of real life passwords?
Hackers solve this problem by cracking the passwords instead. In this context, cracking means making a list of all combinations of characters on your keyboard and then hashing them. By finding matches between this list and the hashes from the stolen passwords, hackers can figure out your true password - letting them log into your favorite websites. And if you use the same password on multiple sites, you’re in for a bad time.
You can do this comparison with any computer, but it is much faster if you accelerate the process with a powerful graphics card. Graphics cards are those circuit boards that stick out of your computer’s bigger green circuit board. Among other things, this special circuit board has a Graphic Processing Unit (GPU) on it. A GPU is the shiny square tile on your graphics card that likely says NVIDIA or AMD on it. Originally GPU’s were built to make pictures and videos load faster on your computer screen. As it turns out, they’re also great for mining cryptocurrencies, and for calculating hashes. A popular application for hashing is called Hashcat. Hashcat includes hashing functions, like MD5, while allowing you to use them quickly and see how fast it was able to do so. As a side note, we usually say “hash function” instead of “hash software.”
We based our original table and time estimates on data from a 2018 GPU (RTX 2080 graphics card) and 2018 cybersecurity practices (MD5 hashing). Today’s top GPU, whether you’re gaming or amateur crypto-mining, is the RTX 3090. The table below compares the two cards in terms of calculations per second and hashes per second.
When shopping for a graphics card or cloud GPU, you’re given calculations per second, usually in floating point operations per second (FLOPS). The FLOPS measure doesn’t take into account the unique properties of hashing algorithms, password character composition, and the hardware “around” the graphics card like your motherboard. Fortunately, hashcat made it easy for password recovery experts to test their hardware on real hashing exercises, log the results, and share them as performance metrics or benchmarks with other cybersecurity experts. The result is an ever-growing dataset of observed hashing performance using various hardware and hashing approaches.
Comparison of an RTX 2080 GPU and an RTX 3090 GPU calculations per second and hashes per second.
The RTX 2080 card cracked about 37,085 million hashes per second (MH/s). In 2020, the makers of HowSecureIsMyPassword, where we sourced the data for our original table, rounded that up to 40,000 MH/s. Converting hashes per second to gigahashes per second (dividing the H/s value by 1000), that equals improvements of approximately:
10 trillion FLOPS to 35 trillion FLOPs in just 2 years, ~250% increase in raw compute power, and
37 GH/s to 69 GH/s in 2 years - an ~86% increase in hashes per second
“So how much faster is that in terms of time?”
Assuming the 8-character password recommendation from NIST is used, hackers can save the following amount of time by upgrading their graphics card to the RTX 3090:
So, complex 8-character passwords that once took 8 hours to crack now only take 5 hours!
Let’s look at the data side by side:
Password tables comparing MD5 hashes cracked by an RTX 2080 GPU against an RTX 3090 GPU.
5 hours still seems like a long time. What would a modern hacker password recoverer do?
“This seems like a job for the cloud, right?”
And right you are. Anyone can play with the cloud now - hurray! But everyone also includes hackers:
Password tables comparing MD5 hashes cracked by an RTX 2080 GPU against 8 x A100 GPUs from Amazon AWS.
If you have the cash, you can rent the ungodly power of Amazon’s high performance computing clusters. At the moment, Amazon offers renting 8 NVIDIA A100 Tensor Core GPUs through their EC2 P4d offering called “p4d.24xlarge” and advertised as the “highest performance for ML training and HPC applications in the cloud,” at just $32.77 per hour. Not fast enough? Buy more instances! Note that these are the maximum amounts of time it would take to crack a password, so you’d most likely be spending less. The more instances you have running in parallel, the less time it will take.
Comparison of an RTX 2080 GPU and 8 x A100 GPUs calculations per second and hashes per second.
That's 10 trillion FLOPS to 2,500 trillion FLOPs in just 2 years – a ~24,652% increase – and 37 GH/s to 524 GH/s in the same time period, a ~1,312.4% increase. 😵💫
Going back to our consumer-grade hacker point of reference, let’s assume we want to spend less money and avoid the big corporate cloud. Sites like vast.ai enable regular people to rent out their computer hardware through their residential internet connection. At the time of writing, the top performing rental was not one, but eight RTX 3090s for the low, low price of $5.60 per hour! We don’t know any specifics about the viability or security of vast.ai, so tread carefully. Also, the price dropped to $3.20 before I finished writing this paragraph.
Comparison of an RTX 2080 GPU and 8 x RTX 3090 GPUs calculations per second and hashes per second.
“Wait… who uses MD5 to hash their passwords in 2022?
Good point! GPUs can generate MD5 hashes very quickly, while other hashing functions make the process slow by design. Though there are a still a surprising number of sites using MD5, there is a large contingent that hash their passwords with bcrypt instead so let’s explore some more.
“What about salting? Doesn’t that make passwords harder to crack?”
Yes! It wouldn’t be fair to upgrade hardware but not the hashing process. Fortunately, bcrypt has salting built-in and ends up being stronger than salting MD5 (and many other hash implementations).
Password tables comparing bcrypt hashes cracked by an RTX 3090 GPU against 8 x A100 GPUs from Amazon AWS (Amazon EC2 p4d.24xlarge with 8 NVIDIA A100 SXM4 40 GB cards).
Comparison of an RTX 3090 GPU and 8 x A100 GPUs calculations per second and hashes per second.
In bcrypt terms, the consumer GPU hardware can only handle 96,662 hashes per second, while the EC2 instance with the 8 A100 GPUs handles 1,081,800.
“So how did you pick just one of these to be ‘the table’?”
We reviewed password data breaches from 2007 to present, reported through HaveIBeenPwned, to see what attackers have actually been trying to crack and whether that changed over time. Generally speaking, website logins that people probably care less about, like forums and restaurants, used and continue to use MD5 and SHA-1. That is a pretty big deal assuming people reuse the same passwords on more concerning sites like banking, government, private messaging, email, and social media.
Password storage solutions like LastPass, 1Password, and Bitwarden use a hashing approach called PBKDF2 with a strong hash alternative to MD5 called SHA-256. Even NIST recommends PBKDF2 SHA-256. Looking at cracking times with an RTX 3090 GPU, it looks like this:
But we also found that things look different “in the wild.” Breached password hashes from Dropbox, Ethereum, MyFitnessPal and and DataCamp all appear to use the password-hashing function bcrypt instead of a key derivation function like PBKDF2. Bcrypt also seems to be the more secure option in terms of resources required to crack it.
The problem is that with the websites and application you use, you don’t know if they’re using MD5, bcrypt, or PBKDF2. As a result, our “official” table has to be the lowest common denominator of all three of these to give you a view into the worst case scenario. Until the use of MD5 sees a dramatic drop off, our table will continue to use it as the official metric.
“What about the elephant in the room: what if my password has been previously stolen, uses simple words, or I reuse it between sites?”
Our password table focuses on the idea that the hacker is working in a “black box” situation and is having to start from scratch to hack your hash. Through the use of rainbow tables, dictionary attacks, and previously stolen hashes, your password table may (unsurprisingly) look like this:
Limitations in our Work:
Cracking passwords this way assumes that the attacker has acquired a hash digest of one or more passwords, such as those found in password data breaches on HaveIBeenPwned.
The implied attack assumes that MFA is not used or has been bypassed.
These metrics assume that passwords are randomly generated. Non-randomly generated passwords are much easier and faster to crack because humans are fairly predictable. As such, the time frames in these tables serve as a “best case” reference point. Passwords that have not been randomly generated would be cracked significantly faster (see above).
These metrics assume you’re using a password that has not been part of a breach in the past. Attackers will try hashes to all common and breached passwords before bothering to crack new ones (see above).
Hashcat defaults to 999 iterations for PBKDF2 SHA-256 but that doesn’t represent what people use. NIST recommends a minimum of 1000 iterations and sites like LastPass use 100,100 iterations, and 1password uses 100,000 iterations.
Hashing is only one step to “cracking.” The second step is looking for matches between the hashed strings and the breached hashed password dataset. We assume that this lookup requires a trivial amount of additional computation and time.
These metrics assume a finite “sample space” of 650 characters for password length. We also assumed that the passwords were limited to the character set shown below. If an attacker is confident you wouldn’t use a particular subset of characters – like Cyrillic alphabet characters, for example – the sample space is even smaller, and a given your password could be cracked even faster.
Encoding | Alias | Character Range | Characters |
---|---|---|---|
ASCII | Lowercase | a-z | 26 |
ASCII | Uppercase | A-Z | 26 |
ASCII | Numbers | 0-9 | 10 |
ASCII | Symbols A | -!@£#$%^&*()=+_ | 15 |
ASCII | Symbols B | \s?/.>,<`~|;:]}[{'\" | 19 |
Unicode | Latin Set | u00A1-u00A2, u00A4-u00FF | 93 |
Unicode | Latin Ext A | u0100-u017F | 128 |
Unicode | Latin Ext B | u0180-u024F | 208 |
Unicode | Latin Ext C | u2C60-u2C7F | 32 |
Unicode | Latin Ext D | uA720-uA7FF | 29 |
Unicode | Cyrillic Uppercase | u0410-u042F | 32 |
Unicode | Cyrillic Uppercase | u0430-u044F | 32 |
TOTAL | 650 |
References:
Hashes per second (H/s) benchmarks were either generated by Hive Systems using hashcat, or were collected from Github repo/gist search results containing other people’s hashcat outputs (e.g. https://github.com/search?q=hashcat+benchmark).
We obtained GPU hardware specs from the manufacturer or www.techpowerup.com/gpu-specs.