~=8 Character Passwords Are Dead=~

New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).

This means that the entire keyspace, or every possible combination of:
- Upper
- Lower
- Number
- Symbol

...of an 8 character password can be guessed in:

~2.5 hours

(8x 2080Ti GPUs against NTLM Windows hash)

#Hacking #Infosec

@tinker does this take into account that trying a password isn't always instant tho?
It will go into years if you factor that in.

@piggo @tinker also doesn't Windows lock down your account after a certain number of failed tries? Or is this just for machines in an AD with policies regarding that?

@Siphonay @piggo - Those are protections against online attacks. This is an offline attack where a cracker gets access to the hash first and then moves the hash onto their own computers to crack.
