Password Utilities

Estimate Hash Time

Calculates brute-force cracking time estimates for passwords based on character set, length, and hash algorithm performance. Use via MCP in Cursor or Windsurf for security assessments, or hit `/v1/password/hash-time` directly. Input "MyPass123!" with SHA-256 to get realistic time estimates. Factors in modern GPU cracking speeds and algorithm complexity for accurate threat modeling.

API Endpoint

GET /v1/password/hash-time

Code Examples

curl "https://tinyfn.io/v1/password/hash-time" \
  -H "X-API-Key: YOUR_API_KEY"
const response = await fetch('https://tinyfn.io/v1/password/hash-time', {
  headers: { 'X-API-Key': 'YOUR_API_KEY' }
});
const data = await response.json();
console.log(data);
import requests

response = requests.get('https://tinyfn.io/v1/password/hash-time',
    headers={'X-API-Key': 'YOUR_API_KEY'})
data = response.json()
print(data)

Use via MCP

Add to your AI agent

Connect your AI agent (Claude, Cursor, Windsurf, etc.) to TinyFn's password tools:

{
  "mcpServers": {
    "tinyfn-password": {
      "url": "https://tinyfn.io/mcp/password",
      "headers": {
        "X-API-Key": "YOUR_API_KEY"
      }
    }
  }
}

Learn more about MCP setup →

Related Tools

Analyze Password
Analyze password strength and characteristics.
Generate Password
Generate a secure random password.
Generate Passphrase
Generate a passphrase from random words.
Generate Pin
Generate a random PIN.
Is Common Password
Check if password is in common password list.
Suggest Improvements
Suggest improvements for a password.
Leetspeak Password
Convert a password to leetspeak (for demonstration, not secu
Generate Memorable
Generate a memorable password based on a pattern.

FAQ

How does hash time estimation work for password security?

It calculates theoretical brute-force time by combining password entropy (character set × length) with hash algorithm speed. Assumes optimal attack conditions with modern hardware.

What hash algorithms are supported for time estimation?

Common algorithms like MD5, SHA-1, SHA-256, bcrypt, scrypt, and Argon2. Each has different computational costs affecting cracking time significantly.

Can I use this MCP tool for security audits in Claude Code?

Yes, perfect for automated security reviews. Pass candidate passwords and get instant vulnerability assessments with realistic cracking timeframes.

Why do identical passwords show different crack times?

Hash algorithm matters enormously. MD5 might crack in hours while bcrypt with high cost could take centuries for the same password.

Does this account for real-world attack optimizations?

Estimates assume pure brute force. Real attacks use dictionaries, rainbow tables, and pattern recognition, often reducing actual time significantly.

Try Estimate Hash Time Now

Get your free API key and start using Estimate Hash Time in seconds.

Get Free API Key