One of the sentences of technological life is use of Passwords. Necessary, but a real gain when credentials of products and platforms on the Internet accumulate. A report from NordPasspassword manager developed by the team of Nordvpnof 2023 estimates that A person manages 100 different passwords. Have to create them and meet the requirements (number of characters, symbols and others) of each website requires A considerable effort (Unless passing management software is used) that few dobut there is a good reason for it to be so. And is that, To greater complexity, more time will take you to a hacker decipher it.
How much? That is clarified by the cybersecurity firm Hive Systemswhich has published the Password table that updates every year since 2020 and shows the speed with which a hacker You can decipher a password through brute force attacksaccording to its complexity.
Brute force attack with 12 RTX 5090 from Nvidia
A brute force attack is a technique used by cybercriminals to decipher passwords, keys or encrypted information by proof of all possible combinations until you find the correctsomething that is done automated by software.
In the analysis, Hive Systems establishes the strength of an encrypted password (hashed) in front of an attack attempt, Considering the length, complexity, the encryption algorithm used by the victim and the attacker’s hardware. For the new report, the ‘attacker’ had at his disposal with 12 GPU RTX 5090the most powerful of Nvidia For the technological consumer.
The 2025 password table
In 2025, any password only 4 charactersregardless of what it contains, it can be deciphered instantly In this scenario. One from 5 characters that includes numbers, upper and lower case letters could be discovered by a hacker in alone 2 hours. However, a password of 18 characters that use numbers, symbols, upper and lower case letters would take 463 quintillones of years in being decipherd.
If we go to most commonly requested standard on the Internet (8 characters that include numbers, letters with uppercase and lowercase and symbols), the hacker would take 164 years.
The table is based on the premise that the hacker works on a situation of ‘Black Box’that is to say, starting from scratch To try to decipher the password. According to Hive Systems, most hackers First prioritize common characters and passwords previously filtered, through dictionary attacks, stolen hashes or the so -called rainbow tables.
These are Databases which contain millions of password combinations and their respective hash values. When a password is saved in a system, It is not stored in flat text, but as an encrypted value generated by a hash function (using SHA-1 or MD5 encryption). This value is irreversible: the original password cannot be obtained directly from the hash.
However, if an attacker has access to a hash password database, he can Use an rainbow to compare those values with millions of hashes already known, without the need to calculate them in real time. If you find a coincidence, get the original password associated with that hash.
If your password has been Part of a previous filtration or contains words that appear in a dictionary, a hacker could decipher it instantlyregardless of how many characters, symbols or numbers include, explains Hive Systems. It should be noted that the estimates of the table assume that the password has not been filtered above.