(Commonwealth Union)_Sam Croley, a security researcher, tweeted about how amazing the new RTX 4090 graphics card from Nvidia actually is at breaking passwords. It turns out that even when up against Microsoft’s New Technology LAN Manager (NTLM) authentication system and the Bcrypt password-hacking capability, it can decrypt one of your passwords twice as fast as the previous winner, the RTX 3090.
This basically means that any affluent gamer with an RTX 4090 can break an average password in a couple of days, and that’s assuming you adhere to decent password-setting standards, which most of us most certainly don’t.
System administrators and cybersecurity professionals should use the well-known password-cracking tool HashCat V.6.2.6, the benchmark (of which Croley was a core programmer). It gives researchers the ability to confirm or make assumptions about user passwords in the rare instances where it would be necessary.
Unfortunately, it suggests that cybercriminals can also complete it. Deploying these tools is now simpler than ever thanks to advancements in graphical user interfaces (GUIs) and the user-friendliness of these programmes on contemporary PCs with high-performance graphics cards.
Testing reveals that the RTX 4090 surpasses the RTX 3090 in nearly every algorithm, with a performance increase that is still greater than what we see in the RTX 4090’s graphics performance. This is probably because Nvidia continues to spend a lot of time and money improving the design of its graphics chips in order to boost its performance in data centres. The HashCat programme offers a number of attack methods, including dictionary attacks, combinator attacks, mask attacks, rule-based attacks, and brute force attacks, all of which the RTX 4090 excelled at.
The researchers claim that an eight-character password may be broken using a specially designed password hashing device that connects eight RTX 4090 GPUs in 48 minutes. According to data from 2017 and Statista, the majority of leaked passwords (32% of them) are 8-character passwords. Despite being the most common length for passwords, they are not always the least safe. They can now be eliminated by a “specialised” hashing rig in less than an hour.
Another interesting factor to take into account is the price of password cracking; buying a $1,600 RTX 4090 is expensive, and each password cracking effort also results in electricity expenditures. Consequently, it’s not just a matter of will. Password cracking will continue to be affordable thanks to the RTX 4090 as long as new powerful GPUs are produced and security measures are mostly unaltered.
