Sam Croley, the core developer of the brute force password cracking tool Hashcat (latest version 6.2.6), in collaboration with security analysts from Austin, Texas, said that NVIDIA GeForce RTX 4090 graphics cards run Hashcat to crack a certain password, which is twice as efficient as the previous generation RTX 3090 GPU.
With a graphics card array consisting of eight NVIDIA RTX 4090 GPUs, the password cracking time is reduced to less than 60 minutes, which is half of the RTX 3090. For a standard eight-character password composed of numbers, uppercase and lowercase letters, and symbols, if only one RTX 4090 GPU is used, the time to successfully crack the password is 6.1 hours, not to mention that multiple graphics cards can be used to form an array.
Even crazier, it works against authentication protocols such as Microsoft’s NTLM (New Technology LAN Manager) or Niels Provos and David Mazières (the Bcrypt password hash function created in 1999).
While these numbers are mind-boggling, they’re also terrifying to think about the nefarious uses someone could use to assist in hacking other users, businesses, etc. The cost of such a quick crack is also unbearable. NVIDIA RTX 4090s are priced at $1,600 each (estimated including tax), and a rig working at that speed would cost over $12,800, not including the amount of power needed to achieve this feat.
Another note is that Hashcat is an offline password cracking tool. It is perfect for server and system administrators as well as network security experts. This realization does not mean that you are still safe on the Internet. Google has implemented several cybersecurity measures, including Apple, Microsoft, and others, as well as software security packages, to create reliable and harder-to-crack passwords. Unfortunately, we may use the same password on multiple websites and devices, which is very vulnerable.
