~=8 Character Passwords Are Dead=~

New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).

This means that the entire keyspace, or every possible combination of:
- Upper
- Lower
- Number
- Symbol

...of an 8 character password can be guessed in:

~2.5 hours

(8x 2080Ti GPUs against NTLM Windows hash)

@tinker does this take into account that trying a password isn't always instant tho?
It will go into years if you factor that in.

@piggo @tinker also doesn't Windows lock down your account after a certain number of failed tries? Or is this just for machines in an AD with policies regarding that?


@Siphonay @piggo - Those are protections against online attacks. This is an offline attack where a cracker gets access to the hash first and then moves the hash onto their own computers to crack.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.