~=8 Character Passwords Are Dead=~
New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).
This means that the entire keyspace, or every possible combination of:
...of an 8 character password can be guessed in:
(8x 2080Ti GPUs against NTLM Windows hash)
@rugk @shibayashi @kaniini - NTLM most certainly is dead (even for 9char passwords). But 8char passwords are dead across a wide variety of hash types, even slow hash types that push out the crack time for the entire keyspace to a couple of weeks. Still within many attacker's time and resource budget.
A Mastodon instance for info/cyber security-minded people.