Eight NVIDIA GeForce RTX 4090s Could Crack the Average Password in Less than an Hour

Tsing

The FPS Review
Staff member
Joined
May 6, 2019
Messages
11,402
Points
83
The NVIDIA GeForce RTX 4090 isn't only great for gaming, but it also functions pretty well as a password cracker, according to a recent tweet from security researcher Sam Croley that offers insight on the GPU's cryptography capabilities.

Go to post
 
This will of course be a problem for encrypted local files (like partitions or password databases etc.) unless access can somehow be forced theough th eapplication that created the encrypted file.

What I don't understand is why things like Fail2Ban or at least forced delays between retries aren't more common than they are.

Heck, by forcing even a single second between password retries you can all but eliminate the problem of brute force password attempts, and it is stupid simple to implement. It ought to be a requirement for all things that require a password.
 
Last edited:
This will of course be a problem for encrypted local files (like partitions or password databases etc.) unless access can somehow be forced theough th eapplication that created the encrypted file.

What I don't understand his why things like Fail2Ban or at least forced delays between retries aren't more common than they are.

Heck, by forcing even a single second between password retries you can all but eliminate the problem of brute force password attempts, and it is stupid simple to implement. It ought to be a requirement for all things that require a password.
THIS RIGHT HERE.
 
Heck, by forcing even a single second between password retries you can all but eliminate the problem of brute force password attempts, and it is stupid simple to implement. It ought to be a requirement for all things that require a password.
The issue is when they get a copy of the hashed user/password list, like the old passwd file on linux systems, or a database dump of the user table.

Yeah, the passwords are all hashed and crypto-whatevered, but you bypass all the other security features and can just run brute force on them all day long.
 
The issue is when they get a copy of the hashed user/password list, like the old passwd file on linux systems, or a database dump of the user table.

Yeah, the passwords are all hashed and crypto-whatevered, but you bypass all the other security features and can just run brute force on them all day long.
If you have the table with all of the passwords encrypted, you're not cracking every one. You're running them via a set of known ciphers to determin what the encryption key is, THEN you decrypt them all in mass. That's actually the bigger problem with simple passwords. That simple password is FAR easier to verfiy than what looks like a hash key as a password. THAT is why they don't want people using simple word passwords even if horseboatcarcat is harder for a machine to decrypt. It's about discovering the key that is the issue.
 
Become a Patron!
Back
Top