Passwords are expensive to crack
Even assuming a centralized effort could be an order of magnitude more efficient, this still leaves us with an estimate of US$1M to perform a 2⁷⁰ SHA-256 evaluations and around US$1B for 2⁸⁰ evaluations[1].
So it would cost $1M to crack a 71-bits-of-entropy password (on average), and $1B to crack an 81-bit password.
|Pattern||bits of entropy||cost to crack|
|= 4·log2(6⁵)||51.70 bits||<$1M|
|= 5·log2(6⁵)||64.62 bits||<$1M|
|= 6·log2(6⁵)||77.55 bits||$1M - $1B|
and the non-diceware passwords:
|Pattern||equation||bits of entropy||cost to crack|
|1234-56-7890||log2(10,000,000,000)||33.22 bits||probably a buck|
|wCEHMbIs||6·8||48 bits||could probably do it on an iPad|
|0mE07rdje4xzvxUE||12·8||96 bits||more than $1B|
|aT7bubJTM4w2RoyeNPsQ||15·8||120 bits||way more than $1B|
Now this is all assuming lots of things, like:
the hash algorithm is SHA256, and not SHA224 or SHA512 or SHA3 or scrypt
we’re just doing one round (I think), not sha256(..sha256(x)..)
we can ignore all(?) of the known attacks on SHA256, like collision attacks (finding the collision would be even harder?), length extension attacks (again, harder?), attacks we don’t even know about…
the source is right
They provide a source paper[2] that goes into depth:
In 2013, Bitcoin miners collectively performed ≈ 2⁷⁵ SHA-256 hashes in exchange for bitcoin rewards worth ≈ US$257M. … Even assuming a centralized effort could be an order of magnitude more efficient, this still leaves us with an estimate of US$1M to perform a 2⁷⁰ SHA-256 evaluations and around US$1B for 2⁸⁰ evaluations.
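The arithmetic behind the two tables, as an added example that is not part of the original page. It assumes cost scales linearly from the quoted US$1M per 2⁷⁰ evaluations, that an attacker searches half the space on average, and that the Diceware list has 6⁵ = 7776 words; the `rounds` parameter and the 100,000-iteration figure are hypothetical, added to show what the "just one round" assumption is worth.

```python
import math

# Figure quoted on the page: about US$1M buys 2^70 SHA-256 evaluations.
USD_PER_BASE = 1_000_000
BASE_BITS = 70


def entropy_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def expected_cost_usd(bits, rounds=1):
    """Average cost to crack a secret with `bits` of entropy.

    The attacker searches half the space on average (2^(bits-1) guesses)
    and each guess costs `rounds` SHA-256 evaluations. Assumption: cost
    scales linearly with the number of evaluations.
    """
    evaluations = 2.0 ** (bits - 1) * rounds
    return evaluations / 2.0 ** BASE_BITS * USD_PER_BASE


def cost_band(usd):
    """Bucket a cost the way the tables on the page do."""
    if usd < 1e6:
        return "<$1M"
    if usd <= 1e9:
        return "$1M - $1B"
    return "more than $1B"


if __name__ == "__main__":
    # Rows constructed from the page's tables: (label, alphabet, length).
    rows = [
        ("4 Diceware words", 6 ** 5, 4),
        ("5 Diceware words", 6 ** 5, 5),
        ("6 Diceware words", 6 ** 5, 6),
        ("10 decimal digits", 10, 10),
        ("6 random bytes", 256, 6),
        ("12 random bytes", 256, 12),
        ("15 random bytes", 256, 15),
    ]
    for label, alphabet, length in rows:
        bits = entropy_bits(alphabet, length)
        usd = expected_cost_usd(bits)
        print(f"{label:18s} {bits:7.2f} bits  ${usd:,.2f}  {cost_band(usd)}")
    # Hypothetical stretching: 5 words behind 100,000 iterations of SHA-256.
    stretched = expected_cost_usd(entropy_bits(6 ** 5, 5), rounds=100_000)
    print(f"5 words, 100,000 rounds: ${stretched:,.0f}  {cost_band(stretched)}")
```

Iterating the hash multiplies the attacker's cost by the iteration count, so 100,000 rounds moves the five-word passphrase from the "<$1M" band to "more than $1B" without changing the passphrase itself.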