RTX 4090 Sets New Records in Password Cracking Benchmarks

RTX 4090 Sets New Records in Password Cracking Benchmarks

The new Nvidia GeForce RTX 4090 is setting the standard for high-end gaming, but that’s not all it can do. The card’s raw processing ability also makes it the most powerful password cracker in the world. Early benchmarks show the 4090 crushed the cracking capabilities of the previous market leader, Nvidia’s RTX 3090. With enough GPUs cranking away, it’s possible to decrypt shorter passwords in less than an hour.

Password researcher Sam Croley (@Chick3nman512 on Twitter) recently posted the first Hashcat benchmarks for the RTX 4090. According to Croley, the improvement is substantial with a roughly 2x uplift in almost every cracking algorithm versus the 3090. Hashcat bills itself as an advanced password recovery tool, allowing the forgetful to (maybe) recover a lost login. However, it can be used just as easily to crack someone else’s password.

The 4090 was tested against protocols like Microsoft’s New Technology LAN Manager (NTLM) authentication and Bcrypt, both of which create “hashes” of plain text passwords to make them unreadable in the event someone who isn’t you should gain access to them. To unscramble the passwords, Hashcat uses several different algorithms to search for the real password, including brute force attacks, mask attacks, and rule-based attacks.

First @hashcat benchmarks on the new @nvidia RTX 4090! Coming in at an insane >2x uplift over the 3090 for nearly every algorithm. Easily capable of setting records: 300GH/s NTLM and 200kh/s bcrypt w/ OC! Thanks to blazer for the run. Full benchmarks here: https://t.co/Bftucib7P9 pic.twitter.com/KHV5yCUkV4

— Chick3nman 🐔 (@Chick3nman512) October 14, 2022

The benchmarks show that a rack of eight GeForce RTX 4090 cards could unlock an 8-character password in just 48 minutes. That’s 2.5 times faster than the 3090. In some cases, when passwords use dictionary words or have identifiable patterns, the cracking time can drop to mere milliseconds. This was all done with commercially available hardware and software.

This is a troubling trend and probably something security researchers will have to plan for in the future. However, it’s not a security emergency just yet. For one, you’ll need multiple 4090 cards to crack passwords at a fast enough rate to be useful. Second, the passwords tested in Hashcat are just eight characters. Many sites and services require more than that, and each new character adds to the complexity of the problem.

Anyone who wants to use Nvidia’s latest GPUs to crack passwords will have to save up some serious cash and get in line. Currently, the cards are in extremely short supply, and the starting price is $1,600. Versions of the 4090 from manufacturers like Asus and Gigabyte can climb even higher.

Continue reading

AMD Smashes Revenue Records as Zen 3, Xbox Series X, PS5 Ramp Up
AMD Smashes Revenue Records as Zen 3, Xbox Series X, PS5 Ramp Up

AMD's Q3 2020 results are in, and the results are excellent for the company, in every particular.

Rare Copy of Super Mario Bros. 3 Sets Record With $156,000 Auction Sale
Rare Copy of Super Mario Bros. 3 Sets Record With $156,000 Auction Sale

That makes it the most expensive video game ever sold at auction, surpassing a copy of the original Super Mario Bros that sold for $114,000 a few months ago.

IBM, Fujifilm Set New Areal Density Record With 580TB Tape Cartridge
IBM, Fujifilm Set New Areal Density Record With 580TB Tape Cartridge

IBM and Fujifilm have announced a breakthrough that might one day enable tape cartridges at 580TB capacities or more.

Fusion Reactor Sets Record By Running for 20 Seconds
Fusion Reactor Sets Record By Running for 20 Seconds

A team from South Korea just made a major advancement — the Korea Superconducting Tokamak Advanced Research (KSTAR) device recently ran for 20 seconds. That might not sound impressive, but it doubles the previous record.