Nvidia RTX 4090 It would seem that the graphics card is a bit heavy handed when it comes to the power and brute force required to crack passwords.
How Tom’s equipment (opens in a new tab) according to security researcher Sam Crowley, who tweeted about the RTX 4090’s ability to handle this task, according to tests performed with HashCat (a password cracking tool).
First @hashcat tests on the new @nvidia RTX 4090! For almost every algorithm, that’s a crazy >2x boost over the 3090. Easy records: 300GH/s NTLM and 200kh/s bcrypt w/ OC! Thanks blazer for the run. Full tests here: https://t.co/Bftucib7P9 pic.twitter.com/KHV5yCUkV4October 14, 2022
Lovelace’s new flagship appears to have an “insane” increase in hacking performance of more than two times compared to RTX 3090 for “almost every algorithm”. The new GPU was particularly adept at brute-force attacks, combinatorial attacks, dictionary attacks, mask attacks, and rule-based attacks.
As Tom’s points out, it’s estimated that a system built specifically for cracking using eight RTX 4090 graphics cards (yes, an expensive endeavor) can crack a password eight characters long—the most common number—in less than an hour (48 minutes).
If you are talking about unsafe passwords – you know the variety“password”, “123456” or slightly more complicated, but generally simple attempts – then they can be hacked in the blink of an eye, more or less.
Analysis: Password fears as more powerful cracking technologies become more available
Of course, this all sounds pretty alarming, but that doesn’t mean your password protection is going to collapse tomorrow (unless you’re using hashed passwords, reusing passwords on different sites, or using any number of other bad security practices that, frankly, it doesn’t take an RTX 4090 in the wrong hands to get hot water).
It serves as a reminder of just how affordable this kind of computing power is now that a fairly well-heeled gamer or PC enthusiast can grab an RTX 4090 and possibly abuse it in that way.
How about really secure passwords? Or really the ones the password manager came up with in all their seriously complicated glory? Crawley responds to a query in this Twitter thread where a user asks how long it takes to enter a 15-digit NTLM (Microsoft’s New Technology LAN Manager) password.
Crawley responds: “If it’s randomly generated by something like a password manager, too long. There are 95 characters in the total “full character set”, and 95^15 is too large a keyspace for virtually anyone to attack. It doesn’t really matter how many 4090s there are or who they are, it’s still too big.”
So, is this an argument for getting yourself a password manager? Perhaps, and certainly, this is food for thought. If you’re considering grabbing such a program, head over to our review the best password managers, where we select the best performers in the field. And if you don’t use a password saver, make sure you don’t take any silly shortcuts like using obvious passwords, writing them down somewhere in a notebook, or something like that…
https://www.techradar.com/news/nvidia-rtx-4090-gpu-is-alarmingly-good-at-cracking-passwords/