Crypto-mining is off the cards, but the new Nvidia RTX 4090 (opens in new tab) turns out to be good at hacking as well as gaming. Incorporate eight of these into a password cracking rig, and for only $13,000, you can crack an 8-character password in just 48 minutes.

The Ada Lovelace-based card is setting a series of new benchmarks that prove what an absolute beast the GPU at its heart is, and the results in the HashCat benchmark highlight the cryptanalysis capabilities of the AD102 core.

This performance was highlighted by security researcher Sam Croley (open in new tab), who tweeted (via Tom's Hardware (open in new tab)) on Friday that "there is an insane 2x improvement over the 3090 in almost every algorithm!" In the same thread he also noted that it is just over 3x faster than AMD's Radeon RX 6900 XT.

Other Twitter users noted that the RTX 4090 card's modest collection of cards means it can go through all possible combinations of standard 8-character passwords, including upper and lower case letters, numbers, and symbols, in less than an hour. [This was the case when the AD102 was tested with Microsoft's NTLM (New Technology LAN Manager) authentication protocol.

The cost of password decryption has been greatly reduced, and you need to see now how secure your pet name passwords appear to be. To be fair, even in 2022, the two most common passwords (open in new tab) are 123456 and 123456789. This means that for the majority of passwords, expensive cracking devices will not be necessary to break through someone's simple security.

However, if one were to match a single card against a list of the top few hundred passwords in use today, it might take a few seconds, maybe even milliseconds, to crack most passwords. Although, one would not want to know what is "hidden" behind such loose security measures.

But the original report by ITPro (opens in new tab) should put your mind at ease if you were at all worried about a rogue RTX 4090 raytracing cyberpunk hell during the day and cracking all your passwords at night. [This type of device is typically used for offline password cracking. This is because online solutions are usually resistant to such attack vectors," Grant Wyatt, COO of MIRACL, told ITPro.

But if you're worried, he points out that if you're using a good password manager that stores passwords from 12 to 128 characters in length, even this kind of brute force attack will take a lot longer to break through. [19] [20] It could be months, years, centuries, or even longer.