You really shouldn’t be trying to manage your own passwords when high-performance graphics cards featuring GPUs as powerful as Nvidia’s GeForce RTX 4090 could be in use by hackers. The password-cracking speed of Nvidia’s best GPU has been highlighted before but the latest revelation points out the performance compared to other graphics cards.
Security analyst and researcher Sam Croley goes by Chick3nman on Twitter where he shares information related to password security. The latest tests show the RTX 4090’s Hashcat performance is roughly eight times greater than eight GTX 1080s. Compared to Nvidia’s best GPU from the previous generation, the RTX 4090 is nearly twice as fast as the RTX 3090. The tweet was the first spotted by Tom’s Hardware.
First @hashcat benchmarks on the new @nvidia RTX 4090! Coming in at an insane >2x uplift over the 3090 for nearly every algorithm. Easily capable of setting records: 300GH/s NTLM and 200kh/s bcrypt w/ OC! Thanks to blazer for the run. Full benchmarks here: https://t.co/Bftucib7P9 pic.twitter.com/KHV5yCUkV4
— Chick3nman 🐔 (@Chick3nman512) October 14, 2022
Replying to a question in the same Twitter thread, Croley said Nvidia’s GeForce RTX 4090 GPU is more than three times faster than an AMD Radeon RX 6900 when using the hash speed benchmark Hashcat. Croley noted that the relative performance of AMD’s Radeon RX 7000 series is still unknown.
There’s greater safety when using a password manager that generates a random password of much greater length than most people would. According to Croley, that would be too big of a problem to solve with current technology even if a large number of high-performance graphics cards were used. A 15-character password made of letters, numbers, and symbols could have 95 to the power of 15 combinations, an incredibly large number.
If it's randomly generated with something like a password manager, too long. There are 95 characters in the common "full character set", and 95^15 is too large of a keyspace for pretty much anyone to attack. Doesn't really matter how many 4090s or who they are, it's still too big
— Chick3nman 🐔 (@Chick3nman512) October 14, 2022
Croley is hoping to test Intel’s new Arc 770 GPU next but is having trouble getting ahold of one. Intel scored a surprising win against both Nvidia and AMD recently, so the Hashcat results could be quite interesting.
These results are an excellent reminder to secure your most important accounts with two-factor authentication (2FA) and to take advantage of the relatively painless security provided by using a password manager.