Just An Hour Is Enough for Eight RTX 4090s To Break Passwords!

Author

Sreyasha

Date

Oct, 18.2022

Sam Croley, the Security researcher has shared on Twitter about the performance of Nvidia’s new RTX 4090 and how it is brilliantly cracking passwords. It is faster than the previous leader, RTX 3090, at breaking one of your passwords even when faced off against Microsoft’s New Technology LAN Manager (NTLM) authentication protocol and the Bcrypt password-hacking function. 

So, this also means that it will just take a few days for a wealthy gamer sporting the RTX 4090 to crack an average password. This will happen definitely if you follow good password-setting practices.  

For system administrators and cybersecurity professionals, HashCat V.6.2.6 is a renowned password-cracking tool. It let the researchers test or guess user passwords in the few situations that might require it. 

This means that cybercriminals can do it as well. It has now become easier to deploy these tools with the evolution in graphical user interfaces (GUIs) and the ease of use of these programs in modern computers having high-performance graphics cards.  

The RTX 4090 has achieved victory over RTX 3090 with a doubled performance which is not at all shocking, even if that represents a higher performance improvement than we see in RTX 4090’s graphics performance. Nvidia is investing a lot of its graphics chip design development so that it can bring out a good performance on the data-center side. The RTX 4090 shone across several attack types provided in the HashCat software namely, dictionary attacks, combinator attacks, mask attacks, rule-based attacks, and brute force attacks. 

As per the researchers, a purpose-built password hashing rig can crack the eight-character password in 48 minutes. These passwords are common among leaked passwords. This does not mean they are not safe. It is just the most common password character length. Now they can be taken out in under an hour by a “specialized” hashing rig. 

That assumes that the password is eight characters long at least and follows the required conventions i.e., one number and a special character.  

Password cracking requires a cost and investing in a $1,600 RTX 4090 is costly and every attempt of cracking a password will incur power costs. RTX brings down the cost to crack passwords.  

If we look at the cost decreasing in password-cracking just with GPUs, a need for upgradation to new security seems necessary. 

Nothing to worry as not every RTX 4090 owner would be doing this. And moreover, HashCat and tools like that are usually deployed against offline assets, not online ones. Thus, the chances of your PC being targeted by RTX 4090-owner is very less, almost nonexistent.  

To conclude, it is advised that it’s still a good idea to brush up on online security best practices, starting with storing lengthier passwords in one of the best password managers.