How many SHA256 hashes can a modern computer compute?

Xeoncross picture Xeoncross · Jan 21, 2011 · Viewed 17k times · Source

I want to know the mathematical time required for cracking hashes based off different sets of characters.

For example, using only 7 letter, US-ASCII alphabetic characters we know that there are 267 possible sequences that could be used. Knowing how many of these could be generated by a computer each minute would give me an idea of how long it would take to generate all possible hashes and crack a certain 7 character hash (birthday attacks aside).

For example, taking the number above, if a modern quad core could generate 1 million hashes each minute it would take 8031810176 / 1000000 / 60 = 133.86 hours to find all possible hashes in that range.

Also, how does the new Sandy Bridge Intel chips with native AES play into this?

Answer

orlp picture orlp · Jan 22, 2011

I wrote this test in C using the OpenSSL SHA256 implementation.

#include <stdio.h>
#include <string.h>
#include "openssl/sha.h"

// http://stackoverflow.com/questions/4764608/generate-all-strings-under-length-n-in-c/4764686#4764686
int inc(char *str) {
    if (!str[0]) return 0;

    if (str[0] == 'z') {
        str[0] = 'a';
        return inc(str + sizeof(char));
    }

    str[0]++;
    return 1;
}

unsigned char buffer[65];
char* hashstring(char *str, int len) {
    char hash[SHA256_DIGEST_LENGTH]; // the openssl hash
    SHA256_CTX sha256;
    int i; // counter

    SHA256_Init(&sha256);
    SHA256_Update(&sha256, str, len);
    SHA256_Final(hash, &sha256);

    for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
        sprintf(buffer + (i * 2), "%02x", hash[i]); // convert openssl hash to mortal human string
    }

    return buffer;
}

int main(int argc, char *argv[]) {
    int N = 4; // max length string
    char str[N+1]; // the string holder
    int i; // counter

    unsigned int tot = 0; // number of hashes calculated

    for (i = 0; i < N; i++) str[i] = 'a';
    str[N] = 0;

    do {
        hashstring(str, N);
        tot++;
    } while(inc(str));

    printf("%d\n", tot);
}

Compile:

gcc -lcrypto -O3 -o test test.c

And results (I know, I'm not very creative with computernames):

nightcracker@nightcracker-pc:~/c/sha256$ time ./test
11881376

real    3m2.431s
user    3m2.335s
sys 0m0.008s

So that's 11881376 / 182.4 = 65139 hashes per second. Then it's 26^7/101821/3600 = 34 hours to compute all the hashes. Please note, all of this was done on a Q6600 quad-core CPU in a single-threaded application and excluded writing the hashes to file.

EDIT

Woops, I was calculating all the hashes of strings with N characters and below. Corrected and data updated.