CrackQ:
"We're talking hundreds of billions of guesses per second in many cases." (Click here for more info)
That compared to
"Multi One Password" hashed "Final Passwords" is really nothing! (Click here for more info)
Iterations and Extra Salt - Multi One Password (Click Here)
Bcrypt (vs) Multi One Password! (Click Here)
For each password, "Multi One Password" manager uses by default a random 248 long characters salt that contains (uppercase\lowercase\digit) characters only and a random 128 long characters salt that contains hex symbols only!
So, here is a quick demonstration on how "hundreds of billions of guesses per second" is really nothing:
999 000 000 000 guesses in 1 second! (999 Billions!)
100000000 seconds = 3.1709791984 years
16^128 (All the 128 possible combinations between the 16 hex symbols!)
62^248 (All the 248 possible combinations between (Uppercase\Lowercase\Digit) characters!)
_____________________________________________________________________________________
999 000 000 000 x 100000000 = below
99 900 000 000 000 000 000 guesses in 3 years!
16^128 = 1.340781e+154 = below
13407810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Even in 3 years, CrackQ is still far far away to guess all the (16^128) possibilities alone!
Well, for (62^248) which is "Infinity" or "Error" in some calculators, hackers really can't do nothing with CrackQ!
_____________________________________________________________________________________
RTX 2080 Ti GPU (Year 2018, $999 US Dollars)
10 x RTX 2080 Ti GPU ($9 990 US Dollars) can guess 25054.2 MH/s SHA2-512 ~= 25 Billions per second! (Click here for more info)
It means that 100 x RTX 2080 Ti Gpu ($99 900 US Dollars) can guess 250 Billions! (Still less than 999 Billions!)
_____________________________________________________________________________________
Since 2019, the below hashed string generated in "Multi One Password" manager was sent to the CrackQ team to crack it, but no response received from them yet:
58530dfe0bc9c45fc074f56bb05a4d991cc9aa38144774b3014277ae353d7fa0a18aa6b6a33bf7b76ca313c3aa3f8d0e9913e7fcefab3dd3f0461a68a40bb587
The password is 10 characters long and contains only lowercase characters!
(Note) From the demonstration above, it would take CrackQ far and far more than 3 years to find the original password!
for aaaaaaaaaa + (16^128 + 62^248) = An Eternity
+
for aaaaaaaaab + (16^128 + 62^248) = An Eternity
+
for aaaaaaaaac + (16^128 + 62^248) = An Eternity
+...
for zzzzzzzzzz + (16^128 + 62^248) = An Eternity
Even if the "Random Code (Salt)" was made available to the CrackQ team, it would still be almost impossible for them to crack the above SHA512 hashed string because "Multi One Password" manager uses by default 15000 to 16000 iterations!
15000 iterations requires at least 1 second for the "Final Password" to be generated! (For average computers!)
26^10 (All the 10 possible combinations between the 26 Lowercase characters!)
26^10 = 1.411671e+14 = 141167100000000 total guesses
141167100000000 x 1 second = 141167100000000 seconds = 4476379 years
So, it would take them 4476379 years to crack the SHA512 hashed string above even if the "Random Code (Salt)" was made available to them! (well for 25000 or higher iterations even an eternity wouldn't be enough!)
[Note]:
for 15000 iterations, a super server can generate "Final Passwords" in 1 milliseconds = 0.001 seconds
141167100000000 x 0.001 second = 141167100000 seconds = 4476 years
for 15000 iterations, a super server can generate "Final Passwords" in 0.1 milliseconds = 0.0001 seconds
141167100000000 x 0.0001 second = 14116710000 seconds = 447 years
and son on ...!
_____________________________________________________________________________________
Since 18 Feb 2020,
TeraHash(Click here) still didn't crack the bellow 1 character long SHA512 hashed password (which is a lowercase letter) with its $1.4 Million configuration of 448 x GeForce RTX 2080 GPUs:
6d78101f3965681a61ab72365de3f9052d6da65f5a42ea6d4a6e68f02b81d32825388837ee9d61e5314cfca90d5638316c1465634fcad42c8cf1a744cc924947
That's really embarrassing!
In 2020, the founder of the almost defunct @TerahashCorp, @jmgosney, claimed he would crack the 10 chars long hashed password in under 3 minutes, so we decided to give him the 1 char long hashed password in order to allow him to crack it in under 1 minute! (1 year has passed and he still didn't crack none of them! This is FANTASTIC and AWESOME!!!)