Sam Croley, a security researcher, expressed on Twitter how amazing the new RTX 4090 graphics card from Nvidia is. adept in breaking passwords. It turns out that it can crack one of your passwords twice as quickly as the previous leader, the RTX 3090, even when up against Microsoft’s New Technology LAN Manager (NTLM) authentication mechanism and the Bcrypt password-hacking feature.
This means that any wealthy gamer with an RTX 4090 can break a typical password in a matter of days, and that’s assuming you use good password-setting techniques.
HashCat V.6.2.6, the benchmark, is a well-known password-cracking tool that is best used by system administrators and cybersecurity experts (of which Croley was a core programmer, by the way). In the few circumstances where it would be necessary, it enables researchers to verify or speculate about user passwords.
Sadly, this implies that cybercriminals can also accomplish it. Deploying these tools is now simpler than ever thanks to advancements in graphical user interfaces (GUIs) and the user-friendliness of these programs on contemporary PCs with high-performance graphics cards.
Initial @hashcat testing on the brand-new @nvidia RTX 4090! For almost every algorithm, there is an absurd >2x uplift over the 3090. Easily capable of breaking records: 200kh/s bcrypt with OC and 300GH/s NTLM! In appreciation for the run, blazer
Although it still represents a bigger performance boost than we observe in the RTX 4090’s graphics performance, testing shows that the RTX 4090 outperforms the RTX 3090 in practically every algorithm with almost doubled performance. This is probably because Nvidia continues to spend a lot of time and money improving the design of its graphics chips to boost its performance in data centers.
The HashCat program offers some attack methods, including dictionary attacks, combinator attacks, mask attacks, rule-based attacks, and brute force attacks, all of which the RTX 4090 excelled at.
According to the researchers, an eight-character password could be cracked in 48 minutes using a specially constructed password hashing apparatus that pairs eight RTX 4090 GPUs. 8-character passwords make up the majority of leaked passwords, accounting for 32% of them, according to Statista and statistics from 2017. They are most likely the most popular length for passwords, which doesn’t mean they’re the least secure. They can now be eliminated by a “specialized” hashing rig in less than an hour.
Of course, that requires that the password complies with the necessary guidelines and is at least eight characters long (at least one number and a special character included). However, when used to test the most popular passwords, HashCat can speed up a theoretical 48-minute cracking effort by attempting all 200 billion possible combinations. However, it was to be expected as even a human would have no trouble breaking a password like “123456,” which appears to be the most popular one in 2021.
The cost of password cracking is another intriguing point to consider; purchasing a $1,600 RTX 4090 is expensive, and electricity costs are also incurred with each password-cracking attempt. Therefore, it’s not merely a question of will. The RTX 4090 lowers the cost of actually cracking passwords, which will continue to happen as long as more potent GPUs are released and security methods are mostly unchanged. Jacob Egner has a very thorough and fascinating examination of his findings regarding the $/hash ratios in his blog post.
Also read:
