I'm not sure that's right; cracking passwords is quite like a lottery too. Jack the Ripper doesn't just crunch through all possible permutations for instance - it is trying to hit the needle in the haystack.

What hashing does for passwords is increase the time taken to try one permutation. In an example I calculated (I wrote a

blog post on it last year) the ~10,000 rounds of hashing we use on some of our passwords increase the time to try each permutation from ~1/1,000,000th of a second to ~1/250th of a second for a typical 2 GHz Xeon core

In my example those thousands of rounds of hashing increasing the time taken by a hypothetical 1,000 quad-core machines to brute force a typical 8 character password (assuming you have the password file of course) from ~9 hours to ~4 years.

Hardware which can crunch SHA hashes at a rate many orders of magnitude more than a normal CPU effectively removes the advantage conveyed by the many rounds of hashing.

Kate.

Conceivably you can treat password cracking as a lottery too. But it would be a lottery with a single winning ticket. There is one important property of password cracking: it has to be exhaustive, i.e. search all the elements of the possible password space.

On the other hand Bitcoin is a lottery where the winning tickets are plentifull and constantly changing. With a still Bitcoin network there is a new winning ticket every second: the block time increments. With a live Bitcoin network there are additional winning tickets that are added every time a transaction gets propagated on the network. The set of possible winning tickets is not going to infinity because the some ticket will cease to be winning once their acceptable time window expires. And obviously the set of winning tickets has to be reinitialized once somebody mines a block and you have to change the "previous block" field and rebuild the merkle tree of the unmined transactions.

Lets consider a reverse example: suppose that you have a super-fast password cracker that only checks even passwords, i.e. those ending with B,D,F,... The trivial way to defeat it would be to use a password that is odd, i.e. one ending with A,C,E,...

But the above defective password cracker will be a perfectly good Bitcoin miner. That is because when mining Bitcoin you don't need to be exhaustive, you can randomly drop tickets without checking them if they were winning. All the mining infrastructure and protocols is designed around this property: keep printing tickets as fast as possible and don't care if some of them are mangled or dropped.

It is a major conceptual difference and I hope I managed to convey it to you.