Brute Force Attack Time Calculator
ANA›Life Services Authority›National Calculator Authority›Brute Force Attack Time Calculator
.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }
Brute Force Attack Time Calculator
Estimate how long it would take to crack a password using a brute force attack, based on password length, character set size, and the attacker's guessing speed.
Password Length (characters)
Character Set
Digits only (0–9) — 10 characters Lowercase letters (a–z) — 26 characters Upper + Lowercase letters — 52 characters Alphanumeric (a–z, A–Z, 0–9) — 62 characters Alphanumeric + Common Symbols — 72 characters Full Printable ASCII — 95 characters Custom character set size
Custom Character Set Size
Attack Speed (guesses per second)
Online attack — slow (1,000 / sec) Online attack — fast (100,000 / sec) Offline attack — GPU (1 billion / sec) Offline attack — GPU cluster (100 billion / sec) Nation-state / ASIC (1 trillion / sec) Custom speed
Custom Attack Speed (guesses/sec)
Calculate
Fill in the fields above and click Calculate.
(function() { // Show/hide custom charset input document.getElementById('bru-charset').addEventListener('change', function() { document.getElementById('bru-custom-group').style.display = this.value === 'custom' ? 'block' : 'none'; });
// Show/hide custom speed input document.getElementById('bru-speed').addEventListener('change', function() { document.getElementById('bru-custom-speed-group').style.display = this.value === 'custom' ? 'block' : 'none'; });
window.bruCalc = function() { const resultEl = document.getElementById('bru-result');
// --- Gather inputs --- const lengthVal = document.getElementById('bru-length').value.trim(); const charsetSel = document.getElementById('bru-charset').value; const speedSel = document.getElementById('bru-speed').value;
// Validate length const length = parseInt(lengthVal, 10); if (!lengthVal || isNaN(length) || length 128) { resultEl.innerHTML = '⚠ Please enter a valid password length between 1 and 128.'; return; }
// Validate charset let charsetSize; if (charsetSel === 'custom') { const customCharset = document.getElementById('bru-custom-charset').value.trim(); charsetSize = parseInt(customCharset, 10); if (!customCharset || isNaN(charsetSize) || charsetSize 1000) { resultEl.innerHTML = '⚠ Please enter a valid custom character set size between 2 and 1000.'; return; } } else { charsetSize = parseInt(charsetSel, 10); }
// Validate speed let speed; if (speedSel === 'custom') { const customSpeed = document.getElementById('bru-custom-speed').value.trim(); speed = parseFloat(customSpeed); if (!customSpeed || isNaN(speed) || speed ⚠ Please enter a valid custom attack speed (≥ 1 guess/sec).'; return; } } else { speed = parseFloat(speedSel); }
// --- Core formula --- // Total combinations = charsetSize ^ length // Worst-case time (seconds) = combinations / speed // Average time (seconds) = combinations / (2 * speed)
// Use logarithms to avoid overflow for large exponents // log10(combinations) = length * log10(charsetSize) const log10Combinations = length * Math.log10(charsetSize); const log10Speed = Math.log10(speed);
// log10(worstCaseSeconds) = log10Combinations - log10Speed const log10WorstSec = log10Combinations - log10Speed; const log10AvgSec = log10Combinations - Math.log10(2 * speed);
// Entropy in bits = length * log2(charsetSize) const entropyBits = length * Math.log2(charsetSize);
// Convert seconds to human-readable function secondsToHuman(log10Sec) { if (log10Sec 15) { return "10^" + log10Sec.toFixed(1) + " seconds (effectively uncrackable)"; } return (seconds / trillion).toFixed(2) + " trillion years"; }
// Format combinations function formatCombinations(log10Val) { if (log10Val ${strength.label}
Total Combinations ${combStr}
Password Entropy ${entropyBits.toFixed(2)} bits
Worst-Case Crack Time ${worstHuman}
Average Crack Time ${avgHuman}
Based on a character set of ${charsetSize} characters, password length ${length}, and attack speed of ${speed.toLocaleString()} guesses/sec.
`; }; })();
#### Formula
Total Combinations: C = NL
Worst-Case Time: Tworst = C / S
Average Time: Tavg = C / (2 × S)
Password Entropy: E = L × log2(N) (bits)
Where:
- N = character set size (number of possible characters)
- L = password length (number of characters)
- S = attack speed (guesses per second)
- C = total possible combinations
The worst-case time assumes the attacker must try every possible combination. On average, the correct password is found halfway through the search space, hence the division by 2.
#### Assumptions & References
- Password entropy formula: NIST SP 800-63B — Digital Identity Guidelines.
More Calculators
- Deck Joist Span Calculator
- Collections Removal Timeline Estimator
- Drywall Screw Quantity Calculator
- Drywall Weight and Load Calculator
- Roof Drainage Area Calculator
- Gutter Slope and Pitch Calculator
- SR-22 Insurance Cost Estimator
- Property Damage Loss Assessment Calculator
- Adjuster Liability Exposure Calculator
- Bad Faith Claim Penalty Estimator
- Claims Payout Estimator
- Flood vs Standard Coverage Gap Calculator
Read Next
Study Time Planner Authority Network America › Life Services Authority › National Calculator Authority .calc-container { max-width: 640px;...