Passwords are expensive to crack

Even assuming a centralized effort could be an order of magnitude more efficient, this still leaves us with an estimate of US$1M to perform a 2⁷⁰ SHA-256 evaluations and around US$1B for 2⁸⁰ evaluations.[1]

So it would cost $1M to crack a password with 71 bits of entropy (on average, since an exhaustive search expects to cover half the space, i.e. 2⁷⁰ guesses), and $1B to crack an 81-bit password.

| Pattern | equation | bits of entropy | cost to crack |
|---|---|---|---|
| MotocrossVarietyGaveScroll | 4·log2(6⁵) | 51.70 bits | <$1M |
| MotocrossVarietyGaveScrollFilter | 5·log2(6⁵) | 64.62 bits | <$1M |
| MotocrossVarietyGaveScrollFilterUncombed | 6·log2(6⁵) | 77.55 bits | $1M - $1B |

and the non-diceware passwords:

| Pattern | equation | bits of entropy | cost to crack |
|---|---|---|---|
| 1234-56-7890 | log2(10,000,000,000) | 33.22 bits | probably a buck |
| wCEHMbIs | 6·8 | 48 bits | could probably do it on an iPad |
| abcdefghijklm | 13·log2(26) | 61.11 bits | <$1M |
| H65j/aS5vfmm | 9·8 | 72 bits | $1M |
| 0mE07rdje4xzvxUE | 12·8 | 96 bits | more than $1B |
| aT7bubJTM4w2RoyeNPsQ | 15·8 | 120 bits | way more than $1B |

Now this all assumes lots of things, like:

  • the hash algorithm is SHA256, and not SHA224 or SHA512 or SHA3 or scrypt

  • we’re just doing one round (I think), not sha256(..sha256(x)..)

  • we can ignore all(?) of the known attacks on SHA256, like collision attacks (finding the collision would be even harder?), length extension attacks (again, harder?), attacks we don’t even know about…

  • the source is right

They provide a source paper[2] that goes into depth:

In 2013, Bitcoin miners collectively performed ≈ 2⁷⁵ SHA-256 hashes in exchange for bitcoin rewards worth ≈ US$257M. … Even assuming a centralized effort could be an order of magnitude more efficient, this still leaves us with an estimate of US$1M to perform a 2⁷⁰ SHA-256 evaluations and around US$1B for 2⁸⁰ evaluations.
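The estimates in the tables above can be reproduced with a short calculator. This is an added example, not code from the original post or the paper. It assumes a cost that scales linearly from the quoted US$1M per 2⁷⁰ evaluations and uniformly random choices; the `rounds` parameter is a hypothetical extension showing how iterating the hash, which the one-round assumption above excludes, multiplies the attacker's cost.

```python
import math

# Figure quoted on this page: about US$1M buys 2^70 SHA-256 evaluations.
# Assumption: cost scales linearly with the number of evaluations.
USD_PER_HASH = 1_000_000 / 2**70
DICEWARE_WORDS = 6**5  # 7776-word list: five six-sided dice per word


def uniform_entropy_bits(choices, picks):
    """Entropy of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)


def expected_cost_usd(bits, rounds=1):
    """Average-case exhaustive search: half the space, `rounds` hashes per guess."""
    return 2 ** (bits - 1) * rounds * USD_PER_HASH


def bucket(cost_usd):
    """Map a dollar cost onto the coarse ranges used in the tables."""
    if cost_usd < 1e6:
        return "<$1M"
    if cost_usd <= 1e9:
        return "$1M - $1B"
    return ">$1B"


def estimate(label, choices, picks, rounds=1):
    """Return (label, bits, cost in USD, bucket) for one password scheme."""
    bits = uniform_entropy_bits(choices, picks)
    cost = expected_cost_usd(bits, rounds)
    return (label, round(bits, 2), cost, bucket(cost))


if __name__ == "__main__":
    rows = [
        estimate("4 diceware words", DICEWARE_WORDS, 4),
        estimate("5 diceware words", DICEWARE_WORDS, 5),
        estimate("6 diceware words", DICEWARE_WORDS, 6),
        estimate("10 decimal digits", 10, 10),
        estimate("13 lowercase letters", 26, 13),
        estimate("9 random bytes", 256, 9),
        estimate("12 random bytes", 256, 12),
        # Hypothetical: the same 4 words behind 2^20 chained hash rounds.
        estimate("4 diceware words, 2^20 rounds", DICEWARE_WORDS, 4, 2**20),
    ]
    for label, bits, cost, rng in rows:
        print(f"{label:32} {bits:7.2f} bits  ${cost:,.2f}  {rng}")
```

The numbers only hold for secrets chosen uniformly at random; a human-chosen 13-letter password has far less entropy than 13·log2(26) suggests.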

  1. https://lobste.rs/s/x6bt1h/xkcd_s_correcthorsebatterystaple#c_ppfhfn 

  2. https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-bonneau.pdf