In this work we analyze the average guesswork for the problem of hashed passwords cracking (i.e., finding a password that has the same hash value as the actual password). We analyze the average guesswork under both online and offline attacks by deriving upper and lower bounds on the average guesswork as a function of the bins to which passwords are mapped, along with the most likely average guesswork, that is, the average guesswork of the most likely set of bins. Furthermore, we provide a concentration result that shows that the probability mass function of the guesswork is concentrated around its mean value. These results give quantifiable bounds for the effect of bias as well as the number of users on the average guesswork of a hash function, and show that increasing the number of users has a far worse effect than bias in terms of the average guesswork.