A security expert, Sam Croley, tweeted about how fantastic Nvidia’s new RTX 4090 is… for cracking passwords. When pitted against Microsoft’s New Technology LAN Manager (NTLM) authentication protocol and the bcrypt password-hashing function, it proves to be twice as quick as the previous leader, the RTX 3090, at cracking one of your passwords.
This means that any affluent gamer with an RTX 4090 can get into your system in a matter of days, and that’s assuming you use decent password-setting methods, which the vast majority of us do not.
Hashcat v6.2.6 (of which Croley was a core programmer, by the way) is the gold standard for password cracking and is best left in the hands of system administrators and cybersecurity experts. It lets researchers test or guess user passwords in the rare cases where that may be necessary.
Cybercriminals can do this as well, which is quite worrying. Deploying such tools has also never been simpler, thanks to the development of GUIs and the intuitiveness of such programs on modern computers equipped with powerful graphics cards.
Tests show that the RTX 4090 outperforms the RTX 3090 in nearly every method, which isn’t surprising but is still a larger increase in performance than we observe in the RTX 4090’s graphical capabilities. This is probably due to Nvidia’s continued focus on improving its graphics chip design for use in data centres. From dictionary attacks to combinator attacks to mask attacks to rule-based attacks and brute-force attacks, the RTX 4090 excelled in every scenario.
According to their calculations, an eight-character password could be cracked in 48 minutes using a purpose-built password hashing rig (combining eight RTX 4090 GPUs). Statista and 2017 data show that 8-character passwords account for 32% of all stolen passwords. This doesn’t make them less secure; rather, it indicates how common that length is. And a “specialised” hashing rig can now crack them in under one hour.
Naturally, that assumes the password is at least eight characters long and satisfies the necessary guidelines (at least one number and a special character included). However, when Hashcat is instructed to check the most frequently used passwords first, it may reduce a cracking process that would normally take 48 minutes and try all 200 billion possible combinations to a matter of milliseconds. A password like “123456,” the most popular password of 2021, is so simple that even a human could guess it in no time.
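The gap between those guidelines and a common-password check can be shown with a small screening routine, added here as an example (it is not from the original article or from Hashcat). The denylist, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample; a real deployment would load a breached-password list.
COMMON_BASES = {"123456", "password", "qwerty", "letmein", "dragon"}

# Illustrative table that undoes common look-alike substitutions.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Leading or trailing runs of digits, symbols and underscores.
EDGE_PADDING = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def meets_complexity(password):
    """The guideline quoted above: 8+ characters, a number, a special character."""
    return (len(password) >= 8
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def dictionary_hit(password):
    """Return the common base word the password reduces to, or None."""
    lowered = password.lower()
    stripped = EDGE_PADDING.sub("", lowered)
    for form in (lowered, stripped,
                 lowered.translate(LEET), stripped.translate(LEET)):
        if form in COMMON_BASES:
            return form
    return None


def screen(password):
    """Accept only passwords that pass the guideline and avoid the denylist."""
    hit = dictionary_hit(password)
    ok = meets_complexity(password)
    return {"complexity_ok": ok, "dictionary_hit": hit,
            "accept": ok and hit is None}


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("123456", "P@ssw0rd1!", "Qwerty2022!", "vT9#kLm2!xQe"):
        print(sample, screen(sample))
```

A password such as `P@ssw0rd1!` passes the length, number and special-character guideline yet still reduces to a listed word, which is why screening against known passwords matters more than composition rules alone.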
It’s also worth noting that password cracking comes with its own set of costs: buying an RTX 4090 graphics card for $1,600 isn’t cheap, and each password-cracking effort uses electricity. It’s not as simple as an act of will, then. The RTX 4090 reduces the price at which passwords may be cracked, a trend that will continue so long as more powerful GPUs are released and security algorithms stay mostly unchanged. Jacob Egner’s examination of the $/hash ratios, outlined in his own blog post, is incredibly in-depth and fascinating.
Another thorn in cybersecurity’s side is the mountain of data that needs to be secured in the face of the inevitable rise of quantum computers, which will render nearly all existing encryption algorithms obsolete. Given the dramatic reductions in the cost of password cracking with GPUs alone, however, it appears that present security should be moved to newer, post-quantum techniques as soon as possible.
Keep calm; not all RTX 4090 owners will use their powerful graphics hardware to break passwords. As an added bonus, password-cracking utilities like HashCat are typically used against offline assets rather than online ones. As a result, the likelihood of a disturbed RTX 4090 owner cracking your credentials at will is extremely low, and may as well be zero.
Despite this, it may still be prudent to review the best methods for protecting one’s digital assets, such as using a password manager to safely store longer passwords.