8 RTX 4090s could crack most of your passwords in just 48 minutes
A modest cracking rig would be able to go through every single possible password combination of an eight-character password in less than an hour.
Cryptomining's off the cards, but it turns out the new Nvidia RTX 4090 is a dab hand at hacking and not just gaming. Stick eight of them in a password cracking rig—for a paltry $13K—and you can break an eight-character password in just 48 minutes.
The Ada Lovelace-based card keeps popping up with new metrics to prove just what an absolute beast of a GPU it's got at its heart, and its showing in the HashCat benchmark highlights the cryptography chops of the AD102 core.
The performance was highlighted by security researcher, Sam Croley, who tweeted on Friday (via Tom's Hardware) that there's "an insane >2x uplift over the 3090 for nearly every algorithm." In the same thread he also pointed out that it's just over three times faster than AMD's Radeon RX 6900 XT.
Crunching the numbers, other Twitter users have suggested that would mean a modest collection of RTX 4090 cards could go through every single possible password combination of a standard eight-character password—including upper- and lower-case letters, numbers, and symbols—in less than an hour.
That's with the AD102 tested against Microsoft's New Technology LAN Manager (NTLM) authentication protocol, which is something you'll see in place in a whole lot of enterprise situations out there.
That's massively cutting the cost of password decryption, which should have you right now looking at just how secure your pet-name passwords are looking right now. Though to be fair, in 2022, the most common two passwords are still 123456 and 123456789. So, for the vast majority of passwords you're not going to need an expensive cracking rig to get through someone's simple security.
Mother of Eris...With these benchmarks, using an 8 GPU rig, you could go through:every.single.possible.password.combination.of an 8 character password(even total random upper, lower, number, symbol) using NTLM hashing (Windows / Active Directory)in...48 minutes!!! https://t.co/nM85LqddclOctober 14, 2022
But if a single card was to be put up against a list of the top couple of hundred passwords in use right now it may just take a few seconds, maybe milliseconds, to crack most passwords. Though chances are you're probably not going to want what's 'hidden' behind such lax security measures.
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
Best gaming PC: The top pre-built machines from the pros
Best gaming laptop: Perfect notebooks for mobile gaming
The original report by ITPro should put your mind at ease, however, if you were at all concerned about rogue RTX 4090s ray tracing the hell out of Cyberpunk in the day and then cracking all your passwords by night.
"This kind of device is typically used for offline password cracking because online solutions would typically be resistant to such attack vectors," Grant Wyatt, COO at MIRACL tells ITPro.
If you are worried, though, it does point out that if you're using a good password manager, which stores passwords between 12 and 128 characters in length, then even this sort of brute force method would take a lot longer to get through.
Maybe months, maybe years, maybe centuries, or even longer.
Dave has been gaming since the days of Zaxxon and Lady Bug on the Colecovision, and code books for the Commodore Vic 20 (Death Race 2000!). He built his first gaming PC at the tender age of 16, and finally finished bug-fixing the Cyrix-based system around a year later. When he dropped it out of the window. He first started writing for Official PlayStation Magazine and Xbox World many decades ago, then moved onto PC Format full-time, then PC Gamer, TechRadar, and T3 among others. Now he's back, writing about the nightmarish graphics card market, CPUs with more cores than sense, gaming laptops hotter than the sun, and SSDs more capacious than a Cybertruck.