Hive’s research models a worst-case brute force attack scenario, where the hacker has already stolen a hashed password database and is using strong hardware to guess the correct hash.