Security Researchers Demonstrate RTX 4090 Password Cracking Power

Why it matters: Security researcher and password cracker Sam Crawley has posted tests highlighting the RTX 4090’s password-cracking capabilities. Nvidia’s latest flagship GPU broke the previous RTX 3090 performance records and doubled performance for almost every algorithm tested. The cracked passwords followed security best practices and included random letter cases, symbols, and numbers.

According to Crawley, the giant GPU was tested against Microsoft’s well-known New Technology LAN Manager (NTLM) authentication protocol and the Bcrypt password-hashing function. All tests were carried out using Hashcat v6.2.6 in benchmark mode. Hashcat is a well-known and widely used password cracking tool used by system administrators, cybersecurity professionals, and cybercriminals to check or guess user passwords.

Based on the test results, a fully equipped eight-GPU RTX 4090 password hashing rig would have the processing power to cycle through all 200 billion iterations of an eight-character password in 48 minutes. That sub-hour result is 2.5 times faster than the previous RTX 3090 record. Both benchmark measurements were taken using only commercially available GPU hardware and related software.

The Hashcat software provides several types of attacks designed to facilitate password recovery or, depending on the user, unauthorized access to someone else’s accounts. These attack types include dictionary attacks, combinator attacks, mask attacks, rule-based attacks, and brute-force attacks.

Many of the attacks available in Hashcat and other password cracking tools can benefit from predictable human behavior, which often leads to poor security practices. For example, an attack might first focus on well-known words, terms or patterns in an attempt to minimize the time it takes to crack a user’s password. Using these types of lists and data in an attack can reduce the time it takes to crack a password from 48 minutes to a few milliseconds.

While the test results may seem ominous, it is important to note that the approach may only have a limited set of real-world use cases. MIRACLE chief operating officer Grant Wyatt said that these types of attacks typically target offline assets due to online security tools, methods, and configurations.
