    [New research] Cracking bcrypt: Is new-gen hardware and AI making password hacking faster?

      Almost two years ago, the Specops research team analyzed how long it took to crack passwords hashed with the bcrypt algorithm. Two years is a long time in cybersecurity, so we’re revisiting the research with newer, more powerful hardware, to create a new table of bcrypt cracking times. The reason for this is two-fold: the AI boom causing a glut of consumer hardware, as well as the arms-race in consumer graphics performance.

      The focus on compute power for both consumers and enterprises, whether for general-purpose compute (GPGPU) or for training LLMs, has arguably caused all three major graphics vendors to focus more heavily on compute performance than they may have in the past. This shows in the performance of Nvidia’s recent 50-series, as well as AMD’s upcoming transition to the ‘UDNA’ architecture. We’ve investigated what this boom and renewed focus on compute means for the difficulty of cracking a leaked password hash, and for the future security of passwords.

      This research coincides with the latest addition of over 70 million compromised passwords to the Specops Breached Password Protection service. These passwords come from a combination of our honeypot network and threat intelligence sources.

      What’s driving the increase in computing power?

      Since the release of the RTX 50-series cards, the availability and affordability of high-performance computing hardware has increased further, evolving the discussion of what should be considered a strong password. This increase in cheap, powerful hardware is largely driven by the AI boom and the reasonable affordability of high-power consumer GPUs.

      Typically, an organization will co-locate a machine with a number of consumer-level GPUs such as the 5090 and use it to train their models. When they’re not doing re-training, they list it on a service such as vast.ai for users to rent and in turn train their own models (or in our case, to crack hashes). This allows one to monetize the downtime, even if it is only a few dollars an hour, to offset the cost of the hardware. This hardware can range from 8-16 RTX 5090s to 8 Nvidia H200s.

      Methodology

      What hardware did we use?

      AI-specific hardware such as the H200 does not provide a benefit in password cracking: we don’t need the volume of memory it provides, we simply need the hashrate (a measure of a computer’s or network’s computational power, expressed as the number of hash calculations it performs per second). A reasonable expectation for the hardware being used to attack a given set of leaked hashes is now 5090-series hardware, which costs somewhere in the ballpark of $5/hr to rent:

      [Figure: 5090-series hardware costs]

      As such, these calculations were performed using 8xRTX 5090s for the example hardware, with the expectation that hackers could be using more (there are instances with 16 available in a single host).

      [Figure: RTX 5090 hardware]

      Unlike our previous time-to-crack tables, we didn’t use Hashcat’s benchmark mode to determine the hashrate the table is based on. As best practices and hardware evolve, a cost factor of 5 (the cost factor used for Hashcat’s m3200 benchmark) is no longer a reasonable expectation of complexity. We’ll be discussing cost factors of 10 and up, that is, 2^10 = 1024 iterations and up. This better reflects a strong implementation at the time of writing in 2025.

      Generating the hashes

      A sample of 750,000 passwords was taken from the well-known wordlist rockyou.txt and hashed at cost factors 10, 12, and 14. This can take some time: raising the cost factor makes the hashes harder to crack, but it also makes the hashing itself slower, so the higher iteration count costs you on both ends.

      Deciding which cost factor to use for a given implementation means considering how often you’ll need to hash the records in question and how much time can be spared to do so. For example, the sample data was generated on a reasonably powerful workstation: generating the cf12 hashes took 1.2 hours, while generating the cf14 hashes from the same data took nearly 5 hours.

      After the data was generated, a cloud instance with 8xRTX 5090 GPUs was spun up, the data was transferred to the host along with a copy of rockyou.txt, and attacks were run to measure an expected hashrate. Both mask attacks and wordlist attacks were performed to provide sample data. The measured hashrates were then used to calculate the expected time to brute force a password of a given length and complexity.

      What did we find?

      Over the two years since our previous bcrypt cracking writeup, the colossal investment in AI infrastructure by various organizations and financial backers (see: OpenAI, Anthropic) has improved the availability of heavy compute hardware by leaps and bounds. While previously one could expect to be under attack from a set of something like the RTX 4090, the next generation of flagship cards is more available and faster than ever: an RTX 5090 is approximately 65% faster at bcrypt (an intentionally slow hashing algorithm that does not lend itself to GPU compute).

      However, we need to take into account that we also increased the cost factor for this research, which slows cracking attempts down. While high cost-factor bcrypt hashes do require a great deal of compute and time to crack, the availability of more powerful hardware is balancing that out: the extra compute can be turned against stronger hashes that would have been impractical to crack with less powerful hardware.

      As you can see in the table below, short, non-complex passwords can still be cracked relatively quickly, highlighting the huge risk of allowing users to create weak (yet very common) passwords such as ‘password’, ‘123456’, and ‘admin’. However, the high cost factor of bcrypt makes longer passwords extremely secure against brute force attacks thanks to its deliberately slow hashing. Once a mix of character classes is used in passwords over 12 characters in length, cracking quickly becomes a near-impossible task. This shows the value of enforcing longer passwords.

      Number of characters | Numbers Only | Lowercase Only | Upper and Lower | Number, Upper, Lower | Number, Upper, Lower, Symbols
      4 | Instantly | Instantly | Instantly | Instantly | 17 minutes
      5 | Instantly | 2 minutes | 81 minutes | 194 minutes | 26 hours
      6 | Instantly | 66 minutes | 70 hours | 200 hours | 102 days
      7 | 2 minutes | 29 hours | 151 days | 517 days | 317 months
      8 | 22 minutes | 31 days | 262 months | 88 years | 2449 years
      9 | 212 minutes | 797 days | 1117 years | 5437 years | 230158 years
      10 | 36 hours | 690 months | 58064 years | 337125 years | 21634796 years
      11 | 352 hours | 1495 years | 3019333 years | 20901760 years | 2033670809 years
      12 | 147 days | 38864 years | 157005327 years | 1295909100 years | 191165056.1k years
      13 | 49 months | 144351 years | 8164277025 years | 80346365k years | 17969516m
      14 | 41 years | 25912012 years | 424542405k years | 4981474577k years | 1689134436m years
      15 | 402 years | 673712313 years | 22076205m years | 308851423m years | 158778637b years
      16 | 4017 years | 17516520142 years | 1147962664m years | 19148789b years | 14925192t years
      17 | 40168 years | 455429524k years | 59694059b years | 1187224873b years | 1402968036t years
      18 | 401675 years | 11841168m years | 3104091044b years | 73607943t years | 131878996q years
      19 | 4016746 years | 307870358m years | 161412735t years | 4563692412t years | 12396626Q years
      20 | 40167451 years | 8004629308m years | 8393463q years | 282948930q years | 1165282803Q years
      21 | 401674504 years | 208120363b years | 436460034q years | 17542834Q years | 109536584s years
      22 | 4016745033 years | 5411129413t years | 22695922Q years | 1087655686Q years | 10296439S years
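To make the derivation behind the methodology and the table above concrete, here is an added example (not the article's or Specops' code) that turns a measured hashrate into time-to-crack cells and shows how a change in bcrypt cost factor rescales that rate. ASSUMED_HASHRATE is a placeholder assumption for illustration, not a figure from the research, and the unit ladder is a simplification of the table's (it does not emit months).

```python
# Added example, not the article's code: deriving a time-to-crack table from a
# measured bcrypt hashrate. ASSUMED_HASHRATE is a placeholder for illustration,
# not a figure from the research; substitute the rate measured on your own rig.
ASSUMED_HASHRATE = 80_000  # bcrypt hashes per second (assumption)

# Alphabet sizes for the five columns of the cracking table.
CHARSETS = {
    "Numbers Only": 10,
    "Lowercase Only": 26,
    "Upper and Lower": 52,
    "Number, Upper, Lower": 62,
    "Number, Upper, Lower, Symbols": 95,  # all printable ASCII
}
UNITS = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
SUFFIXES = (("Q", 1e18), ("q", 1e15), ("t", 1e12), ("b", 1e9), ("m", 1e6), ("k", 1e3))

def keyspace(alphabet_size, length):
    # Candidates an exhaustive search of this length must try.
    return alphabet_size ** length

def scale_hashrate(rate, from_cost, to_cost):
    # bcrypt runs 2**cost rounds, so each +1 to the cost factor halves the rate.
    return rate / 2 ** (to_cost - from_cost)

def time_to_crack_seconds(alphabet_size, length, hashrate):
    # Worst case: every candidate in the keyspace is hashed once.
    return keyspace(alphabet_size, length) / hashrate

def humanize(seconds):
    # Render like the table: 'Instantly' under a minute, else the largest fitting
    # unit with k/m/b/t/q/Q magnitude suffixes (months are not used here).
    if seconds < 60:
        return "Instantly"
    for label, size in UNITS:
        if seconds >= size:
            value = seconds / size
            break
    suffix = ""
    for tag, magnitude in SUFFIXES:
        if value >= magnitude:
            value, suffix = value / magnitude, tag
            break
    return f"{value:.0f}{suffix} {label}"

def build_table(hashrate, lengths=range(4, 23)):
    # One row per password length, one cell per character class.
    return [[n] + [humanize(time_to_crack_seconds(size, n, hashrate))
                   for size in CHARSETS.values()] for n in lengths]
```

Calling build_table(ASSUMED_HASHRATE) reproduces the shape of the table above, and scale_hashrate(rate, 10, 12) shows why moving from cost factor 10 to 12 leaves an attacker a quarter of the rate.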

      What can we learn from brute force calculations?

      It’s true that expecting an attacker to brute force a given dataset is unrealistic. Crackers will typically use a variety of attacks to attempt to crack a given set of hashes, ranging from dictionary attacks and rule-based attacks to association attacks. They may generate specific wordlists based on the source of the hashes, such as scraping a corporate website with a tool like CeWL, to provide a targeted wordlist.

      However, brute force gives a baseline to perform calculations when discussing the raw compute provided by a given set of hardware, as well as a baseline to perform strength calculations from. It’s important to be mindful of how attacks are performed, and attempt to build well-founded password policies that reduce the risk of passwords being guessable via simple wordlist and rule attacks.

      This can come in the form of length and complexity requirements at a basic level, while ranging to custom blocked dictionaries and breached password corpuses – such as the functionality provided by Specops Password Policy combined with Specops Breached Password Protection. When possible, a combination of these functionalities should be used to make it as hard to generate a valid candidate as possible. As shown by the new cracking table, entropy is crucial, and length is an easy-to-remember source of password entropy.


      Writing policy rules when expecting multiple 5090s to attack any leaked hashes 

      In order to protect against this kind of attack, there are a number of settings that can be configured within Specops Password Policy that will assist in making it more difficult to crack, should a bcrypt hash leak (whether from an internal system, or from a third party). As demonstrated in the cracking table, optimally an organization should be implementing a combination of protections, such as:

      • A minimum length of 18
      • Multiple character classes required, optimally: upper, lower, digits and special characters
      • Enable passphrases with minimum length 18 and multiple character classes when possible
      • Implement a custom dictionary that blocks words relevant to your organization, especially company name and product names; CeWL can be useful in determining a blocklist when run against public company resources
      • Implement Specops Breached Password Protection (optimally Breached Password Protection Complete)
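As an added example, not Specops code, the following minimal checker applies the rules in the list above to a candidate password: minimum length, required character classes, an organization-specific blocklist checked after undoing common letter substitutions, and a breached-password lookup. ORG_DICTIONARY and BREACHED are constructed sample data standing in for a real custom dictionary and breached corpus.

```python
# Added example, not Specops code: a minimal checker for the rule set above.
# ORG_DICTIONARY and BREACHED are constructed sample data standing in for an
# organization's custom blocklist and a breached-password corpus.
import string

CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}
ORG_DICTIONARY = {"examplecorp", "widgetpro", "toronto"}  # constructed sample
BREACHED = {"password", "123456", "admin"}                 # constructed sample
# Common substitutions undone before the dictionary check so 'W!dg3tPr0' still hits.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "0": "o",
                      "1": "i", "!": "i", "$": "s", "5": "s"})

def normalize(password):
    return password.lower().translate(LEET)

def check_password(password, min_length=18,
                   required=("upper", "lower", "digit", "special"),
                   dictionary=ORG_DICTIONARY, breached=BREACHED):
    """Return the list of policy failures; an empty list means the password passes."""
    failures = []
    if len(password) < min_length:
        failures.append(f"length {len(password)} is below the minimum of {min_length}")
    missing = [name for name in required if not CLASSES[name] & set(password)]
    if missing:
        failures.append("missing character classes: " + ", ".join(missing))
    norm = normalize(password)
    hits = sorted(word for word in dictionary if word in norm)
    if hits:
        failures.append("contains blocked dictionary words: " + ", ".join(hits))
    if password in breached or norm in breached:
        failures.append("found in breached corpus")
    return failures
```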

      Can bcrypt hashing prevent password compromise? 

      As the cost factor (and therefore the number of rounds) increases, the cost and computational power required both to crack a hash and to hash the password in the first place increase. Weighing this cost when implementing any authentication system is necessary to determine which hashing algorithm should be used, whether that’s high-round bcrypt or something like argon2. A cost factor above 10 increases the security of any password policy that is implemented, preferably one in accordance with NIST 800-63B.

      However, if the attacker already has the password in question, whether through re-use, through the password being leaked directly by an infostealer, or through another exploitation method, the time to crack becomes functionally zero, since the attacker can simply use the password. No hashing algorithm, however strong, is a replacement for good security hygiene: implementing strong password policies through Specops Password Policy, and using a breached corpus such as Specops Breached Password Protection to prevent re-use of passwords across accounts. It’s now more important than ever to defend against infostealers leaking credentials.

      Time to crack: Known compromised passwords

      Number of characters | Numbers Only | Lowercase Only | Upper and Lower | Number, Upper, Lower | Number, Upper, Lower, Symbols
      6 | Instantly | Instantly | Instantly | Instantly | Instantly
      7 | Instantly | Instantly | Instantly | Instantly | Instantly
      8 | Instantly | Instantly | Instantly | Instantly | Instantly
      9 | Instantly | Instantly | Instantly | Instantly | Instantly
      10 | Instantly | Instantly | Instantly | Instantly | Instantly
      11 | Instantly | Instantly | Instantly | Instantly | Instantly
      12 | Instantly | Instantly | Instantly | Instantly | Instantly
      13 | Instantly | Instantly | Instantly | Instantly | Instantly
      14 | Instantly | Instantly | Instantly | Instantly | Instantly
      15 | Instantly | Instantly | Instantly | Instantly | Instantly
      16 | Instantly | Instantly | Instantly | Instantly | Instantly
      17 | Instantly | Instantly | Instantly | Instantly | Instantly
      18 | Instantly | Instantly | Instantly | Instantly | Instantly
      19 | Instantly | Instantly | Instantly | Instantly | Instantly
      20 | Instantly | Instantly | Instantly | Instantly | Instantly

      Find weak and compromised passwords in your network today 

      This month’s update to the Breached Password Protection service includes the addition of more than 70 million compromised passwords to the list used by Specops Password Auditor. You can find out how many of your end users’ passwords are either compromised or identical with a read-only scan of your Active Directory from Specops Password Auditor.

      You’ll get a free customizable report on password-related vulnerabilities, including weak policies, breached passwords, and stale/inactive accounts. Download your free auditing tool here.

      Continuously block weak passwords and compromised passwords

      Specops Password Auditor offers a great starting point for assessing your current password risks, but it’s only a snapshot. With Specops Password Policy and Breached Password Protection, organizations can continuously protect themselves against over 4 billion known unique compromised passwords.

      Our research team’s attack monitoring data collection systems update the service daily and ensure networks are protected from real world password attacks happening right now. It also includes passwords found on breached password lists on the dark web and elsewhere. Breached Password Protection continuously scans your Active Directory for breached passwords and allows you to alert end users with customizable messaging that helps reduce calls to the service desk.

      Interested in seeing how this might work for your organization? Have questions on how you could adapt this for your needs? Contact us or see how it works with a demo or free trial.

      (Last updated on September 19, 2025)

      Written by

      David Ketler

      David Ketler is a cybersecurity consultant based in Toronto, Canada with 10+ years of experience in software development and cybersecurity. He writes about password cracking, dark web activity, and password management.
