Sam Croley, a core researcher at the Hashcat password tool, claims that the popular NVIDIA GeForce RTX 4090 graphics card can reveal sensitive information about users, including their passwords.
Croley tested the graphics card using a password-cracking benchmarking tool to see if the NVIDIA GeForce RTX 4090 GPU could retrieve more information than its predecessor, the RTX 3090 GPU. According to the researcher’s Twitter post, by using eight NVIDIA RTX 4090 GPUs, threat actors can crack passwords in less than 60 minutes, which, according to Croley, is two times faster than using the same quantity of NVIDIA RTX 3090 GPUs.
NVIDIA GeForce RTX 4090 GPUs: Made for gaming, used for hacking!
If we do the math for NTLM, 300GH/s is 300 Billion hashes per second, ?a is 95 characters, length 8 makes it a keyspace of 95^8, divide that by the speed and get 22111 seconds. Then convert from seconds and you get 368 minutes or 6.1 hours to complete the keyspace on 1x 4090 GPU.
— Chick3nman 🐔 (@Chick3nman512) October 14, 2022
It is worth noting that not all passwords are stored with equally strong hashing. For example, passwords stored in MD5 might not be as strong as sha512crypt. Usually, passwords are cracked with many graphics cards stacked together, so using a single graphics card would take a long time.
To crack an eight-character password, attackers would have 26 options per position. Similarly, cracking a complex 12-character password with a mix of letters, numbers, and symbols would take 3,000 years of brute-force attacks.
However, using the latest and more powerful GPUs, such as the NVIDIA RTX 4090, the overall time to crack a password can be shrunk to a few hours. In the experiment by Croley, he explained that a standard “eight-character password filled with numbers, capitalized and lowercase letters, and symbols combined” could be hacked within 6.1 hours.
Combining more NVIDIA RTX 4090 GPUs can reduce the time from over 6 hours to less than 1 hour. The researchers also claimed that, using this method, an attacker can bypass even the most robust authentication protocols, including Microsoft’s NTLM (New Technology LAN Manager) or the Bcrypt password-hashing function created by Niels Provos and David Mazières in 1999.
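The arithmetic in the quoted tweet, generalized to any hashcat-style mask and GPU count, as an added example that is not from the article or from Hashcat. The 300 GH/s NTLM figure is the one quoted above; the function names and the assumption that throughput scales linearly with the number of GPUs belong to this example.

```python
# Added example: worst-case exhaustive-search time for a hashcat-style mask.
# Sizes of hashcat's built-in mask character classes.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95,
                 "h": 16, "H": 16, "b": 256}

NTLM_RATE_4090 = 300e9  # hashes/second on one RTX 4090, as quoted in the article


def mask_keyspace(mask: str) -> int:
    """Number of candidate passwords a mask such as '?a?a?a?a' generates."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":           # literal character: a single choice
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        cls = mask[i + 1]
        if cls == "?":               # '??' stands for a literal question mark
            size = 1
        elif cls in CHARSET_SIZES:
            size = CHARSET_SIZES[cls]
        else:
            raise ValueError(f"unknown mask class ?{cls}")
        total *= size
        i += 2
    return total


def seconds_to_exhaust(mask: str, rate: float = NTLM_RATE_4090, gpus: int = 1) -> float:
    """Seconds to try every candidate. Assumes linear scaling across GPUs."""
    if rate <= 0 or gpus < 1:
        raise ValueError("rate must be positive and gpus at least 1")
    return mask_keyspace(mask) / (rate * gpus)


def policy_table(lengths=(8, 9, 10), gpu_counts=(1, 8)):
    """(length, gpus, hours) rows for all-printable-ASCII passwords."""
    return [(n, g, seconds_to_exhaust("?a" * n, gpus=g) / 3600)
            for n in lengths for g in gpu_counts]


if __name__ == "__main__":
    for length, gpus, hours in policy_table():
        print(f"{length} chars, {gpus} GPU(s): {hours:,.1f} hours")
```

Each extra `?a` position multiplies the search time by 95, which is why minimum length matters more to a password policy than the hardware generation.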
Although the numbers are astounding in theory, it is also alarming to consider the sinister ways someone might use them to hack other individuals, corporations, and more. What is more concerning is the price of these graphics cards: the NVIDIA RTX 4090 GPU sells for $1,600, and to crack a password within an hour, a threat actor would need an entire rig costing around $12,800.