[erros]

Just out of curiosity I booted up a box with 10x RTX A6000 @ 451.6 TFLOPS

    Speed.#1.........:    38789 H/s (11.17ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#2.........:    39017 H/s (11.17ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#3.........:    38894 H/s (11.16ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#4.........:    39254 H/s (11.02ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#5.........:    38626 H/s (11.17ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#6.........:    39448 H/s (10.94ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#7.........:    39256 H/s (11.06ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#8.........:    38966 H/s (11.14ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#9.........:    38870 H/s (11.17ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#10.........:    39259 H/s (11.01ms) @ Accel:128 Loops:64 Thr:64 Vec:1
    Speed.#\*.........:   390.0 kH/s

Used the same example as the author with 100500 iterations. I think with some good wordlists, I'd wager a ton of low hanging fruits will be wiped within a reasonable time. If we're talking a threat actor with $$, they'd do some serious damage on this dump.

*edit: just wanted to clarify that I think bruteforcing this dump wouldn't be as useful. It would still take a crapload of resources to be effective or useful in that scenario.

[t0mas88]

So you're doing 4e10 hashes per second or 390k password guesses per second. At what price per hour?

[erros]

Used vast.ai for this setup: $5.875/hr. Using their API you can likely find better deals and launch a series of different setups and optimize your spending. Hope that helps.

[yardstick]

To be fair I don’t think nation state actors care about the bill. Be it US, China, Russia, Saudi, etc.

[dylan604]

Do you get extra credit if one of the first accounts you hack has a cloud provider account credentials that you can then spin up more machines to further the attack on someone else's dime?