How long to guess a hash?

OWASP has guessing timing equation

where A is guesses per second, B is the number of bits of randomness in the hash and S is the number of sessions that are valid to guess.rM8


  1. Neil Madden, “Moving Away from UUIDs,” Neil Madden (blog), August 30, 2018, https://neilmadden.blog/2018/08/30/moving-away-from-uuids/. (See notes.)