User “ninja the hacker” asked Croley how long it takes to “brute force” an eight-character password, and the results were astonishing. In Crowley’s words on Twitter:
— Chick3nman 🐔 (@Chick3nman512) October 14, 2022 So, for the standard eight-character password filled with numbers, capitalized and lowercase letters, and symbols combined, the estimated time for only one NVIDIA RTX 4090 GPU is 6.1 hours — much less combining several of the same models in a password-cracking rig. What is even crazier is that it can go up against authentication protocols, such as Microsoft’s NTLM (New Technology LAN Manager) or the Bcrypt password-hashing function created by Niels Provos and David Mazières in 1999. While the numbers are incredible, they also are frightening to think about the nefarious uses that someone could use to assist in hacking other users, businesses, and more. The cost to hack that fast is also hard to swallow. With the NVIDIA RTX 4090 selling at $1,600 each (estimated with tax), a rig to work at that speed would cost above $12,800, which does not include the amount of power required to pull off such a feat. Another side note is that Hashcat is an offline password-hacking tool. It’s perfect for server and system admins, along with cybersecurity specialists. This realization does not mean that you are still safe on the Internet. Google has implemented several cybersecurity measures, Apple, Microsoft, and more, as well as software security packages, to create solid and harder-to-crack passwords. Unfortunately, we live in a society where it is easier to use one password across several websites and devices, opening ourselves up for attacks at some point. Also, more powerful systems developed over the last several years to usher in quantum computing are slowly opening themselves up to attacks on an astronomically high level. This will cause those development teams to consider even more stringent measures for the future of computing. Are you still using the same password for the last five years? It might be time to update to a new password or even consider a password generator/storage tool to assist with keeping track across the web and more. News Sources: Sam Crowley (Twitter), Tom’s Hardware