
Password cracking performance of Nvidia RTX 4090 GPU is alarmingly strong

It appears that Nvidia’s RTX 4090 graphics card has some skill when it comes to the speed and brute force required to crack passwords.

A security researcher named Sam Croley recently tweeted about the RTX 4090’s strength for this task, as measured by benchmarks run with HashCat (a password cracking tool).

The new Lovelace flagship appears to offer an “insane” improvement in cracking performance compared to the RTX 3090, with “almost every algorithm” running more than twice as fast. In particular, the new GPU excelled at brute force, combinator, dictionary, mask, and rule-based attacks.

According to Tom’s Guide, the most commonly used password length is eight characters, and it is estimated that a purpose-built cracking system with eight RTX 4090 graphics cards (yes, an expensive endeavour) could crack such a password in less than an hour (48 minutes).

A weak password, such as “password,” “123456,” or even a slightly more complex but still relatively simple attempt, can be cracked in a matter of seconds.

Concerns about password security as more sophisticated cracking methods become widely available

Of course, this all sounds pretty alarming, but it doesn’t mean your password defences will crumble tomorrow (unless, of course, you are using simplistic passwords, reusing passwords across sites, or following any of those other bad security practices, which, to be fair, don’t require an RTX 4090 in the wrong hands to get you in hot water).

However, this does highlight how easily accessible such powerful computing is today, as any reasonably well-off gamer or PC enthusiast can now afford to purchase an RTX 4090 and potentially abuse it in this manner.

What about incredibly safe passphrases? Or, more accurately, the incredibly complicated passwords that a password manager generates for you? There’s a question about how long it would take to crack a 15-character NTLM (Microsoft’s New Technology LAN Manager) password, and Croley answers it in that Twitter thread.

Croley chimes in, “If it’s randomly generated with something like a password manager, too long. The standard ‘full character set’ contains 95 symbols, making the keyspace too large for most attackers to crack at 95^15. No matter how many 4090s are involved or who they are, the project is too ambitious.”
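The keyspace arithmetic behind the 48-minute figure and Croley's 15-character answer, worked through as an added example (not code from the article or from Croley) and generalised to other lengths and character sets. It assumes the 48 minutes means exhausting every 8-character password over the 95-symbol set on the eight-GPU system, which the article does not state; all function names are hypothetical.

```python
from fractions import Fraction

CHARSET = 95                      # "full character set" size from the quote
RIG_SECONDS_8_CHARS = 48 * 60     # article's figure for eight RTX 4090s
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length, charset=CHARSET):
    """Number of candidate passwords of exactly `length` symbols."""
    return charset ** length


def implied_rate():
    """Guesses/second implied by the assumption that 95^8 takes 48 minutes."""
    return Fraction(keyspace(8), RIG_SECONDS_8_CHARS)


def exhaust_seconds(length, charset=CHARSET, rate=None):
    """Worst-case time to try every candidate (average case is half this)."""
    rate = implied_rate() if rate is None else rate
    return Fraction(keyspace(length, charset)) / rate


def min_length(target_years, charset=CHARSET, rate=None):
    """Shortest random password whose full search exceeds `target_years`."""
    target = Fraction(target_years) * Fraction(SECONDS_PER_YEAR)
    length = 1
    while exhaust_seconds(length, charset, rate) < target:
        length += 1
    return length


if __name__ == "__main__":
    print(f"implied rate: {float(implied_rate()):.3e} guesses/s for the rig")
    for n in (8, 10, 12, 15):
        years = float(exhaust_seconds(n)) / SECONDS_PER_YEAR
        print(f"{n:2d} random chars: {years:.3e} years to exhaust")
    # Policy view: length needed to push a full search past 100 years.
    print("95-symbol set:", min_length(100), "chars")
    print("lowercase only:", min_length(100, charset=26), "chars")
```

The figures only hold for randomly generated passwords; a human-chosen password of the same length falls to the dictionary and rule-based attacks mentioned earlier long before the keyspace is exhausted.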

Is this evidence that you need to start using a password manager? It’s possible, and it’s something to consider. If you’re debating whether or not to download a password manager, you should read our selection of the best options available. If you don’t use a password manager app, don’t take unnecessary risks with your password security, such as using simple passwords or writing them down on a pad.