
The best graphics cards are great for gaming but can also help crack passwords. Hive Systems, a cybersecurity solution provider, has released the 2024 edition of its Hive Systems Password Table and some additional studies detailing how long it takes different Nvidia graphics cards to crack a password.

Unlike other studies where firms used AI to crack passwords, Hive Systems’ approach is based on hashes. Hashing runs a password through a one-way function that turns it into a fixed-length string of letters and numbers. Servers store passwords as hashes, so even if an attacker steals the database, they see the hashes, not the actual passwords. To recover a password, attackers generate candidate character combinations, hash each one, and compare the results against the stolen hashes to look for matches.

An ordinary computer’s CPU is sufficient to compute hashes, but graphics cards, such as Nvidia’s GeForce RTX 4090 or the A100, can accelerate the process substantially. Hive Systems used Hashcat, a password-cracking tool, to benchmark the time required to crack different passwords. Unlike previous iterations of its research, which centered on MD5 hashing, Hive Systems included results for bcrypt, a password hashing algorithm that is harder to break than MD5.

| Graphics Card | Numbers Only | Lowercase Letters | Upper and Lowercase Letters | Numbers, Upper and Lowercase Letters | Numbers, Upper and Lowercase Letters, Symbols |
|---|---|---|---|---|---|
| GeForce RTX 2080 | Instantly | 6 Seconds | 24 Minutes | 2 Hours | 4 Hours |
| GeForce RTX 3090 | Instantly | 6 Seconds | 13 Minutes | 52 Minutes | 2 Hours |
| GeForce RTX 4090 | Instantly | 1 Second | 5 Minutes | 22 Minutes | 59 Minutes |
| A100 x 8 | Instantly | Instantly | 2 Minutes | 7 Minutes | 19 Minutes |
| A100 x 12 | Instantly | Instantly | 1 Minute | 5 Minutes | 12 Minutes |
| A100 x 10,000 (ChatGPT) | Instantly | Instantly | Instantly | Instantly | 1 Second |

With the first round of MD5 password hashes, Hive Systems used an example password with eight characters, following the NIST password guidelines. We’ll concentrate on the more complex passwords with uppercase, lowercase, symbols, and numbers. The times are best-case scenarios for the password’s owner, because non-randomly generated passwords are faster to crack.

A GeForce RTX 4090, Nvidia’s current gaming flagship, can crack the password in under an hour. Meanwhile, eight A100s can achieve a similar feat in less than 20 minutes. Something like ChatGPT, which has access to tens of thousands of A100 accelerators, can crack the password in one second.

| Graphics Card | Numbers Only | Lowercase Letters | Upper and Lowercase Letters | Numbers, Upper and Lowercase Letters | Numbers, Upper and Lowercase Letters, Symbols |
|---|---|---|---|---|---|
| GeForce RTX 2080 | 2 Hours | 4 Months | 92 Years | 375 Years | 989 Years |
| GeForce RTX 3090 | 17 Minutes | 4 Weeks | 18 Years | 72 Years | 189 Years |
| GeForce RTX 4090 | 9 Minutes | 2 Weeks | 9 Years | 38 Years | 99 Years |
| A100 x 8 | 2 Minutes | 2 Days | 2 Years | 7 Years | 17 Years |
| A100 x 12 | 1 Minute | 2 Days | 1 Year | 4 Years | 12 Years |
| A100 x 10,000 (ChatGPT) | Instantly | 3 Minutes | 11 Hours | 2 Days | 5 Days |

With bcrypt, the cracking times soared. While the GeForce RTX 4090 took only 59 minutes to crack an MD5 hash, the same graphics card would need 99 years for bcrypt. Even on eight A100 accelerators, the time increases from 20 minutes to 17 years. The only sound way is to go down the ChatGPT route, but that implies you have a ton of cash to rent AI graphics card clusters to carry out your evil deeds.

While it may sound scary, there’s no need to panic just yet. For starters, Hive Systems’ research assumes that hackers have access to the hash, for example, from significant data breaches, such as HaveIBeenPwned or LastPass. However, that’s not always the case. The study also supposes that multi-factor authentication (MFA) isn’t active or has been bypassed in the attack. In this day and age, you should be using MFA for all your data-sensitive stuff. Even though MFA isn’t foolproof, because the attacker can likewise run a phishing attack on the victim, it adds a second layer of protection.


MD5 is over 30 years old, and many companies have moved on to more robust hashing algorithms, like bcrypt or PBKDF2. So, it’s not just about having a strong password; security also depends on the other end. Even an eight-character NIST-compliant password can be challenging to crack if the service provider maintains good security practices and is up-to-date on the latest hashing algorithms.
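To see on your own machine why the choice of hashing algorithm moves the numbers in the tables so far, the following added example (not from Hive Systems or the original article) measures the cost of one MD5 guess against one PBKDF2 guess and computes the eight-character search space for each character class. It uses PBKDF2 from the Python standard library in place of bcrypt; the 95-character symbol set and the 600,000-iteration work factor are assumptions.

```python
import hashlib
import os
import time

# Sizes of the table's five character classes (assumption: 33 printable ASCII
# symbols incl. space; Hive Systems' exact symbol set is not given here).
CHARSETS = {"numbers": 10, "lowercase": 26, "upper+lower": 52,
            "numbers+upper+lower": 62, "numbers+upper+lower+symbols": 95}
LENGTH = 8                    # password length used in the article
SALT = os.urandom(16)         # random salt, as a real password store would use
PBKDF2_ITERATIONS = 600_000   # assumed work factor for this demo


def keyspace(charset_size: int, length: int = LENGTH) -> int:
    """Number of candidates an exhaustive search has to cover."""
    return charset_size ** length


def md5_guess(pw: bytes) -> bytes:
    """One guess against a fast, unsalted hash."""
    return hashlib.md5(pw).digest()


def pbkdf2_guess(pw: bytes) -> bytes:
    """One guess against a salted, deliberately slow key-derivation function."""
    return hashlib.pbkdf2_hmac("sha256", pw, SALT, PBKDF2_ITERATIONS)


def seconds_per_guess(hash_fn, rounds: int) -> float:
    """Average wall-clock cost of one hash computation on this machine."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(b"candidate%d" % i)
    return (time.perf_counter() - start) / rounds


def slowdown(fast_rounds: int = 20_000, slow_rounds: int = 2) -> float:
    """How many times more one PBKDF2 guess costs than one MD5 guess."""
    slow = seconds_per_guess(pbkdf2_guess, slow_rounds)
    return slow / seconds_per_guess(md5_guess, fast_rounds)


if __name__ == "__main__":
    print(f"one PBKDF2 guess costs about {slowdown():,.0f}x one MD5 guess")
    for name, size in CHARSETS.items():
        print(f"{name:28s} {keyspace(size):.2e} candidates")
```

Exhaustive search time scales linearly with both the search space and the per-guess cost, so the measured slowdown multiplies every column of the table by the same factor.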

Zhiye Liu is a Freelance News Writer at Tom’s Hardware US. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.


The post Nvidia’s flagship gaming GPU can crack complex passwords in under an hour | Tom’s Hardware first appeared on
