Feb 10, 2025, 04:31 PM
Estimated Time to Crack 200,000 MD5 Hashes with an RTX 3080
Since you’re okay with some data loss (meaning you don’t need 100% of the hashes cracked), we can focus on the fastest methods.
Assumptions for Estimation
Attack Type
Estimated Success Rate
Time for 200,000 HashesDictionary Attack (Common passwords)
30-70%
Minutes to a few hours
Dictionary + Rules (Best64.rule)
50-80%
A few hours
Hybrid Attack (wordlist + numbers)
50-90% (if structured)
Hours to 1 day
Brute Force (random 10-char)
<1% (if fully random)
Years (not feasible)
Best Strategy for Speed
Since you’re prioritizing speed over completeness, follow these steps:
1. Dictionary Attack (Fastest)
Run first (should crack 30-70% of hashes in minutes to hours).
sh
CopyEdit
hashcat -m 0 -a 0 hashes.txt wordlist.txt --force
Expands common password variations (~80% success within hours).
sh
CopyEdit
hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/best64.rule --force
If passwords have patterns like "Michael1995" or "Hunter1234".
sh
CopyEdit
hashcat -m 0 -a 6 hashes.txt wordlist.txt ?d?d?d?d
Final Time Estimate
What You Should Do
4o
Since you’re okay with some data loss (meaning you don’t need 100% of the hashes cracked), we can focus on the fastest methods.
Assumptions for Estimation
- RTX 3080 Hashrate for MD5: ~60 GH/s (60 billion hashes per second).
- Password Complexity:
- Easy passwords (common words, names, simple patterns like "Password123") → Cracked instantly.
- Moderate passwords (slightly altered, "Hunter2023!") → Cracked in minutes to hours.
- Completely random 10-character passwords → Mostly uncrackable in a reasonable time.
- Easy passwords (common words, names, simple patterns like "Password123") → Cracked instantly.
Attack Type
Estimated Success Rate
Time for 200,000 HashesDictionary Attack (Common passwords)
30-70%
Minutes to a few hours
Dictionary + Rules (Best64.rule)
50-80%
A few hours
Hybrid Attack (wordlist + numbers)
50-90% (if structured)
Hours to 1 day
Brute Force (random 10-char)
<1% (if fully random)
Years (not feasible)
Best Strategy for Speed
Since you’re prioritizing speed over completeness, follow these steps:
1. Dictionary Attack (Fastest)
Run first (should crack 30-70% of hashes in minutes to hours).
sh
CopyEdit
hashcat -m 0 -a 0 hashes.txt wordlist.txt --force
- If your wordlist is strong, expect 50-70% of hashes cracked within minutes.
Expands common password variations (~80% success within hours).
sh
CopyEdit
hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/best64.rule --force
- This adds capitalization, numbers, and basic modifications.
- Expect 80% cracked in 2-6 hours.
If passwords have patterns like "Michael1995" or "Hunter1234".
sh
CopyEdit
hashcat -m 0 -a 6 hashes.txt wordlist.txt ?d?d?d?d
- Appends 4 digits (use
?d?d?d?d?d?d
for 6 digits).
- Expect up to 90% success within 6-12 hours.
Final Time Estimate
- Fastest attack (dictionary only): Minutes to 2 hours (~50-70% cracked).
- Adding rule-based mutations: 2-6 hours (~80% cracked).
- Hybrid for numbers at the end: 6-12 hours (~90% cracked).
- Brute force for full 10-character random passwords: Unrealistic (years).
What You Should Do
- Run the dictionary attack first (fastest win).
- If results are low, apply rule-based attacks.
- If needed, use hybrid attacks for number patterns.
- Skip brute-force unless you KNOW passwords follow a pattern.
4o
