Eight RTX 4090s Can Break Passwords in Under an Hour
Security researcher Sam Croley said: twitter To share how good Nvidia’s new RTX 4090 really is… at cracking passwords. Microsoft’s New Technology LAN Manager (NTLM) authentication protocol and Bcrypt Password hacking function.
Essentially, this means that any wealthy gamer with an RTX 4090 can crack the average password in days.
The benchmark, HashCat V.6.2.6., is a well-known password cracking tool best left in the hands of system administrators and cybersecurity experts (Croley was the core programmer, by the way). This allows researchers to test or guess a user’s password in several situations where a user password might be required.
Unfortunately, this means cybercriminals can do it too. And the evolution of graphical user interfaces (GUIs) and the ease of use of these programs on modern computers with high-performance graphics cards makes deploying these tools easier than ever.
First @hashcat benchmark on the new @nvidia RTX 4090! It shows a very high gain of more than 2x over the 3090 for almost all algorithms. Easy to set records: 300GH/s NTLM and 200kh/s bcrypt w/ OC! Thanks Blazer for running. Full benchmark here: https://t.co/Bftucib7P9 pic.twitter.com/KHV5yCUkV4October 14, 2022
In our tests, the RTX 4090 outperformed the RTX 3090 in almost every algorithm, nearly doubling the performance. This isn’t all that shocking, even if it does represent a higher performance boost than the RTX 4090’s graphics performance. This is the result of a lot of investment in The RTX 4090 excelled at several attack types offered by HashCat software: dictionary attacks, combinator attacks, mask attacks, rule-based attacks, and brute force attacks.
Researchers estimate that using a dedicated password hashing rig (8 RTX 4090 GPUs paired), an 8-character password can be cracked in 48 minutes. According to Statista and 2017 data, 8-character passwords are the most common among leaked passwords, commanding a 32% share of them. This does not mean they are the least secure. This most likely means the character length of the most common passwords. And a “dedicated” hashing rig was able to retrieve them in less than an hour.
Of course, this assumes that your password is at least eight characters long and follows the required rules (including at least one numeric and special character). However, when HashCat is driven to test the most commonly used passwords, a cracking operation can theoretically take 48 minutes to try all 200 billion possible combinations in milliseconds. . But it was a matter of course. Even humans can crack passwords like “123456” very quickly. Clearly the most common password of 2021. (opens in new tab).
Another interesting factor to note is that password cracking naturally has an associated cost. Investing in a $1,600 RTX 4090 is costly, plus power costs every time you try to crack a password. So it’s not just a matter of will. What the RTX 4090 does is actually reduce the cost of cracking passwords.This will happen as long as more powerful GPUs come out, with security algorithms remaining relatively static. Sam Crowley There is a very detailed and interesting analysis in his blog post He details his findings on the $/hash ratio.
Of course, another chip on the shoulders of cybersecurity is the amount of data that needs to be encrypted against the inexorable development of quantum computing. From the looks of it, it seems that current security will sooner or later have to be upgraded to new post-quantum algorithms.
rest assured. Not all RTX 4090 owners use their top-end graphics cards for password-cracking entertainment. Additionally, the ease of password cracking of tools such as HashCat is typically deployed against offline rather than online assets. This means that your PC is a slim chance of being a target for cracking passwords at her RTX 4090 owner’s will.
Still, in light of this, brushing up on online security best practices is probably still a good idea. Start by storing longer passwords in her one of the best password managers.