Connection to DriversCloudCreate a DriversCloud.com accountReset your DriversCloud.com passwordAccount migration
Multiple GeForce RTX 4090 cards to crack eight-character passwords in hours
The latest GPUs from NVIDIA could attack such passwords simply by "brute force".
The term speaks for itself, but to leave no room for doubt, let's clarify. Brute force" is not a particular technique to discover a password. Or rather, let's say it is the most basic technique there is: it is simply trying, one by one, all possible combinations for a given password. In fact, at some point, you will discover it, but in the case of an 8-character password that can include upper and lower case letters, numbers and symbols, we are talking about several thousand billion combinations.
If we do the math for NTLM, 300GH/s is 300 Billion hashes per second, ?a is 95 characters, length 8 makes it a keyspace of 95^8, divide that by the speed and get 22111 seconds. Then convert from seconds and you get 368 minutes or 6.1 hours to complete the keyspace on 1x 4090 GPU.
- Chick3nman 🐔 (@Chick3nman512) October 14, 2022
A number that does not scare the latest graphics card developed by NVIDIA, however. A security analyst in Austin, Texas, Sam Croley is the creator of Hashcat, a password recovery tool. The program is also used to evaluate the power of a computer solution to discover a password by brute force. In this "little game", the GeForce RTX 4090 is nothing less than twice as powerful as the GeForce RTX 3090. More interestingly, on Twitter, Sam Croley explains that an RTX 4090 would need only 6.1 hours to discover an 8-character password consisting of upper and lower case letters, numbers and symbols.
Even more dramatically, combining several RTX 4090 cards together logically reduces this time significantly and WCCFTech points out that the graphics card would be able to break authentication protocols such as Microsoft's New Technology LAN Manager (NTLM) or the Bcrypt password hashing function created by Niels Provos and David Mazières. In fact, we can say that an eight-character password is no longer sufficient protection, but with the rise in power of GPUs, we can imagine that 12- or 16-character passwords will no longer be sufficient either.
In the meantime, if you've been using your first pet's name or your child's birth date as your password for the past five years, it may be time to change.