Nvidia’s new RTX 4090 graphics card is powerful enough to break password-cracking records, according to benchmarks from a password recovery company.
A password researcher was amazed by the benchmarks he published on Friday. The card “smashes almost every algorithm with an insane >2x increase over the 3090,” said Sam Croley, a researcher and password cracker who also works as a core developer at Hashcat.
In tests with Microsoft’s New Technology LAN Manager (NTLM) authentication protocol, which is widely used in corporate networks to authenticate user identity, and with the widely used Bcrypt password hashing function, the GPU achieved record speeds of 300 GH/s and 200 kh/s, respectively.
In another tweet, a hacker with the alias “TinkerSec” found that a hacker with a rig equipped with eight RTX 4090 GPUs could brute-force any combination (200 billion) of eight-character passwords in just 48 minutes.
This is much faster than the two and a half hours it would take to get the same results on the 3090, Nvidia’s previous flagship card, and would include passwords with random uppercase, lowercase, symbols and numbers.
The numbers are remarkable because while the RTX 4090 is pricey at £1,699 per unit, it’s still consumer-focused hardware and widely available at IT retailers. This can make the GPU a valuable investment for threat actors who are now able to source more power for custom hacking systems through legitimate channels.
However, experts who have spoken to IT professional suggested that the application of such attacks in the real world is still limited, even with powerful hardware to support them.
“This type of device is typically used for offline password cracking as online solutions are typically resistant to such attack vectors,” said Grant Wyatt, COO at MIRACL.
In practice, since the majority of passwords created by users are not random strings of characters, but follow patterns of commonly used words, hackers can arrive at the correct password much sooner. If an RTX 4090 ran through a list of just the few hundred most likely passwords for an account, it could do it in milliseconds.
The risk of this is particularly high with passwords that are shared by employees and easy to remember. Dictionary attacks work the same way, with a rig using a list of the most common passwords and words within passwords to speed up the brute force process.
“Technical developments like these underscore the importance of good password hygiene,” said Harold Li, VP at ExpressVPN. “With nothing being 100% unhackable and passwords being stolen all the time, consumers need to take steps to protect themselves.
“Password managers help users generate a strong, unique password for each account and store them all securely in an encrypted vault — while other good cybersecurity practices like using 2FA significantly reduce your risk.”
In order to keep passwords complex and at the same time avoid having to remember complicated sequences of letters and numbers, many companies choose to use password managers. These typically store passwords of 12 to 128 characters that could take hackers months, years, or many millions of centuries to crack using brute force alone.
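As an added illustration (not code from the article or from Hashcat), this sketch turns the per-GPU rates quoted above into worst-case exhaustive-search times for a password policy and flags candidates that a wordlist would catch first. It assumes the 95 printable ASCII characters, linear scaling across GPUs and a small constructed wordlist; all function names are hypothetical.

```python
import string

# Single RTX 4090 rates as quoted in the article, in hashes per second.
NTLM_RATE = 300e9    # 300 GH/s
BCRYPT_RATE = 200e3  # 200 kh/s

# Assumption: the 95 printable ASCII characters, split into four classes.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

# Constructed sample list standing in for a real common-password list.
COMMON = {"password1", "qwerty123", "summer2022"}


def alphabet_size(password):
    """Combined size of every character class the password draws from."""
    if any(not any(c in cls for cls in CLASSES) for c in password):
        raise ValueError("only printable ASCII is modelled")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def exhaust_seconds(length, alphabet, rate, gpus=1):
    """Worst-case seconds to try every string of exactly `length` characters."""
    return alphabet ** length / (rate * gpus)


def audit(password, rate, gpus=1, common=COMMON):
    """Return (how it falls, worst-case seconds) for one candidate password."""
    if password.lower() in common:
        # A wordlist hit costs at most one guess per list entry.
        return "dictionary", len(common) / (rate * gpus)
    size = alphabet_size(password)
    return "brute-force", exhaust_seconds(len(password), size, rate, gpus)


def human(seconds):
    """Render seconds in the largest unit that keeps the value >= 1."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    for length in (8, 12, 16):
        for name, rate in (("NTLM", NTLM_RATE), ("bcrypt", BCRYPT_RATE)):
            t = exhaust_seconds(length, 95, rate, gpus=8)
            print(f"{length:>2} chars, {name:<6} x8 GPUs: {human(t)}")
    print(audit("Summer2022", NTLM_RATE), audit("k7#Qz!p2Vw@9", NTLM_RATE))
```

The brute-force figure is a ceiling for a truly random password; anything that follows a common pattern falls at the dictionary stage long before that ceiling matters.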
IT professional asked Nvidia for comment.