Password Crack Cost Calculator
Understanding the financial cost to brute-force a password hash helps security teams set appropriate password and hashing policies. This calculator takes the total search space (charset size raised to password length) and the hash rate in hashes per second, computes the expected number of GPU-hours required on average (half the search space), and multiplies by a user-provided cloud GPU cost per hour to yield a dollar estimate. Weak hash functions like MD5 can be cracked for cents; strong functions like bcrypt or Argon2 can cost thousands of dollars for even moderate passwords.
Password crack cost formula
Combinations = charsetlength
GPU-seconds = combinations / (2 x hash rate)
GPU-hours = GPU-seconds / 3,600
Cost (USD) = GPU-hours x cost per GPU-hour
The factor of 2 represents the average-case assumption: on average the correct hash is found halfway through an exhaustive search. Worst-case cost doubles these estimates.
Hash algorithm crack costs (reference rates)
- MD5 (unsalted): ~10 billion hashes/second/GPU. An 8-character all-ASCII password costs less than $0.01 to crack.
- SHA-256 (unsalted): ~3 billion hashes/second/GPU. Still very fast and cheap to crack for short passwords.
- bcrypt (cost 10): ~100,000 hashes/second/GPU. An 8-character all-ASCII password costs roughly $100 to crack.
- bcrypt (cost 12): ~20,000 hashes/second/GPU. Same 8-character password costs roughly $500 to crack.
- Argon2id (recommended): configurable, typically slower than bcrypt. Designed to resist GPU and ASIC attacks through memory hardness.
Password crack cost calculator: frequently asked questions
How is crack cost calculated?
Crack cost equals the expected number of hash attempts divided by the hash rate (attempts per GPU-second), giving GPU-seconds. Dividing by 3,600 gives GPU-hours. Multiplying by the GPU cloud cost per hour gives the dollar cost.
What cloud GPU cost per hour is reasonable to use?
A common reference point is the cost of a compute-grade GPU instance on major cloud providers. As of 2025, GPU compute costs range from about $0.30 to $3.00 per GPU-hour depending on the GPU model, provider, and spot vs on-demand pricing. Use a value appropriate for your threat model.
Why is bcrypt so much more expensive to crack than MD5?
bcrypt deliberately slows down hashing through its cost factor. At cost factor 12, bcrypt performs 2^12 = 4,096 iterations per hash, and modern GPUs can compute only thousands of bcrypt hashes per second versus billions of MD5 hashes per second. This dramatically increases crack cost.
Does salting affect crack cost?
Salting prevents precomputed rainbow table attacks but does not significantly affect single-password brute-force cost. A salted hash still requires the same number of hash computations per guess. However, salting means the attacker must crack each password independently, preventing amortization across many passwords.
What hash algorithms does NIST recommend for password storage?
NIST SP 800-63B recommends using memory-hard functions such as Argon2, bcrypt, scrypt, or PBKDF2. These are designed to be expensive in both time and memory, making large-scale parallel cracking on GPUs or ASICs far more costly than simple hash functions.
Official sources
- NIST SP 800-63B Digital Identity Guidelines (Section 5.1.1 Memorized Secrets): pages.nist.gov/800-63-3/sp800-63b.html.
- NIST SP 800-132 Recommendation for Password-Based Key Derivation: csrc.nist.gov.
Reviewed by the CalculatorHub team, edited by James Graham, 15 June 2026. See our methodology.