Nvidia's new RTX 4090 is a powerful password-cracking tool

Hackers using an array of the consumer-grade GPUs could see brute-force timings halve

Nvidia’s new RTX 4090 graphics card is powerful enough to break password-cracking records, according to benchmarks by a password recovery firm.

A password researcher expressed amazement at the benchmarks he published on Friday. The card clocks in "at an insane >2x uplift over the 3090 for nearly every algorithm," said Sam Croley, a researcher and password cracker who also works as a core developer at Hashcat.

In tests against Microsoft's New Technology LAN Manager (NTLM) authentication protocol, used widely throughout enterprise networks to authenticate user identity, and against the commonly used password-hashing function Bcrypt, the GPU scored record speeds of 300GH/sec and 200kH/sec respectively.

In another tweet, a hacker with the alias 'TinkerSec' noted that with a rig fitted with eight RTX 4090 GPUs, a hacker could cycle through every combination (200 billion) of eight-character passwords in just 48 minutes using brute force methods.

This is far quicker than the two-and-a-half hours it would take to achieve the same results on the 3090, Nvidia's previous flagship card, and would include passwords containing random upper-case and lower-case letters, symbols, and numbers.

The numbers are notable because although the RTX 4090 is expensive, at £1,699 per unit, it is still consumer-focused hardware and widely available from IT retailers. This may make the GPU a valuable investment for threat actors, now able to source more power for custom-built hacking systems through legitimate channels.

However, experts who spoke to IT Pro suggested there are still limitations to the real-world application of such attacks, even with powerful hardware to back them up.

"This kind of device is typically used for offline password cracking because online solutions would typically be resistant to such attack vectors," said Grant Wyatt, COO at MIRACL. 

Given that the majority of passwords created by users are not random strings but tend to follow patterns of commonly used words, hackers can in practice reach the correct password much sooner. If an RTX 4090 were run through a list of only the top few hundred likeliest passwords for an account, it could do so in milliseconds.

The risk is especially high for passwords that are shared between employees and made easy to remember. Dictionary attacks work precisely this way, with a rig using a list of the most common passwords and words within passwords to speed up the brute force process.

"Technical developments such as these highlight the importance of good password hygiene," said Harold Li, VP at ExpressVPN. "Because nothing is 100% unhackable and passwords are stolen all the time, consumers must take steps to protect themselves.

"Password managers help users generate a strong, unique password for every account, and store them all safely in an encrypted vault - while having other good cyber security practices, like using 2FA, significantly reduces your risk."

To keep passwords complex while sparing users from having to remember complex strings of letters and numbers, many businesses opt to use password managers. These tend to store passwords of between 12 and 128 characters, which could take hackers months, years, or many millions of centuries to crack through brute force alone.
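
The timing claims above can be checked from the two benchmark rates the article quotes. The following is an added example, not code from the researchers or from Hashcat; it assumes a 95-character printable-ASCII alphabet and linear scaling across eight GPUs, and its function names are illustrative.

```python
# Added example: brute-force and wordlist timing from the article's hash rates.
RATES = {"ntlm": 300e9, "bcrypt": 200e3}  # hashes/sec per RTX 4090 (from the article)
CHARSET = 95   # assumption: printable ASCII (upper, lower, digits, symbols)
GPUS = 8       # rig size from the article; linear scaling is an assumption
YEAR = 365.25 * 24 * 3600  # seconds


def exhaust_seconds(algo, length, gpus=GPUS, charset=CHARSET):
    """Worst-case seconds to try every random password of exactly `length`."""
    return charset ** length / (RATES[algo] * gpus)


def wordlist_seconds(algo, candidates, gpus=1):
    """Seconds to hash a list of `candidates` likely passwords."""
    return candidates / (RATES[algo] * gpus)


def min_length(algo, years, gpus=GPUS, charset=CHARSET):
    """Shortest random password whose full keyspace outlasts `years`."""
    budget = RATES[algo] * gpus * years * YEAR  # guesses the rig makes in that time
    length = 1
    while charset ** length <= budget:
        length += 1
    return length


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600),
                       ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.4f} seconds"


if __name__ == "__main__":
    for length in (8, 10, 12, 16):
        row = ", ".join(f"{a}: {human(exhaust_seconds(a, length))}" for a in RATES)
        print(f"{length:>2} random chars -> {row}")
    for algo in RATES:
        print(f"{algo}: 500-word list on one GPU takes "
              f"{human(wordlist_seconds(algo, 500))}; 100-year minimum length "
              f"is {min_length(algo, 100)}")
```

Under these assumptions the eight-GPU rig exhausts eight random characters of NTLM in about 46 minutes, while the same keyspace hashed with Bcrypt takes roughly 131 years; a 500-entry wordlist falls in milliseconds against either.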

IT Pro has approached Nvidia for comment.
