How to crack billions of passwords?


Figure 1: exponential growth (93^length)
  • Key space can be increased by using larger character sets and longer passwords. This is why you need to use long passwords with digits, uppercase, lowercase and special characters on many sites. Key space can also be increased by using a technique called ‘salting’. Instead of hashing the plain password only, the password and a random ‘salt’ are hashed. For example, the password hash is not created as hash(password) but as hash(password + salt), where salt is a large random value. There is no impact on the key space for a single hash. However, for N hashes, the amount of time required for a given cracking strategy increases by a factor of N, because every candidate password has to be hashed again for each salt.
  • Cracking speed can be decreased by using slower hashing algorithms. A simple way of achieving this is using N iterations of an algorithm. This slows cracking down by a factor of N. This technique is known as ‘key stretching’.
  • Hardware-specific slowdowns typically exhaust fast memory by using relatively large amounts of it. This will result in a significant drop in performance on the targeted platform, since the system needs time to access slower memory. Introduced slowdowns are platform and processor-specific.
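
The three defences above, seen from the side of the system that stores the passwords, as an added example that is not part of the original article. The article names no specific algorithm, so PBKDF2-HMAC-SHA256 and scrypt from Python's standard library are assumptions, as are all function names and the sample password.

```python
import hashlib
import hmac
import os

CHARSET = 93  # character-set size from Figure 1 (93^length)

def key_space(length, charset=CHARSET):
    """Candidate passwords of exactly `length` characters."""
    return charset ** length

def hash_password(password, salt=None, iterations=200_000):
    """Salting + key stretching: PBKDF2 runs HMAC-SHA256 `iterations` times."""
    salt = salt or os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def hash_password_memory_hard(password, salt=None):
    """Memory-hard variant: scrypt needs 128*n*r bytes = 16 MiB per guess."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                            maxmem=64 * 1024 * 1024, dklen=32)
    return salt, digest

def verify(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    digest = hash_password(password, salt, iterations)[2]
    return hmac.compare_digest(digest, expected)

def attack_cost(candidates, n_hashes, salted, iterations=1):
    """Hash computations needed to try every candidate against every hash.
    Unsalted: one computation per candidate covers all hashes.
    Salted: every candidate must be recomputed once per salt."""
    return candidates * iterations * (n_hashes if salted else 1)

if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    print("same password, same hash?", alice[2] == bob[2])  # different salts
    print("verify ok:", verify("correct horse", *alice))
    print("8-char key space:", key_space(8))
    print("unsalted cost:", attack_cost(key_space(4), 1000, salted=False))
    print("salted + 200k iterations:",
          attack_cost(key_space(4), 1000, salted=True, iterations=200_000))
```

The salt and iteration count are stored next to the digest; they are not secret, their job is to force per-hash and per-guess work.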
Figure 2: cracking speeds for various types of hashes

Cracking platforms

Finding the right tool for the job

Cracking at

Figure 3: Scattered Secrets’s cracker category ‘heavy’: four GPUs and four CPUs in a single system
Figure 4: Scattered Secrets’s cracker category ‘FPGA’: under the hood of a forty-eight FPGA system


