~=8 Character Passwords Are Dead=~

New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).

This means that the entire keyspace, or every possible combination of:
- Upper
- Lower
- Number
- Symbol

...of an 8 character password can be guessed in:

~2.5 hours

(8x 2080Ti GPUs against NTLM Windows hash)

#Hacking #Infosec

@tinker Leaked hashed passwords have been considered nearly equivalent to plaintext for quite a while now. 8 character passwords are dead for anything that could be subject to an offline attack, but for the most part anything that could be subject to an offline attack is broken anyway. 8 character passwords are still fine for anything that's not likely to be subjected to an offline attack.

Follow

As long as they don't get the general and per account salt ...

@tinker

Sign in to participate in the conversation
Kinky Business

kinky.business is a Mastodon instance for the kink community. Safe, sane, consensual.