"Using a dataset of more than 231 million unique passwords sourced from dark web leaks - including 38 million added since its previous study - and hashing them with MD5, researchers at security firm Kaspersky found that, using a single Nvidia RTX 5090 graphics card, 60 percent of passwords could be cracked in less than an hour, and a full 48 percent in under 60 seconds."
"Sure, that's not exactly your run-of-the-mill desktop graphics processor given its price, but it highlights an important point: It takes surprisingly little to crack the average password hash. Aspiring cybercriminals don't even really need their own 5090, Kaspersky notes, as they can easily rent one from a cloud provider and crack hashes for a few bucks."
"Much of the reason password hashes have become so easy to crack is password predictability. Per Kaspersky, its analysis of more than 200 million exposed passwords revealed common patterns that attackers can use to optimize cracking algorithms, significantly reducing the time needed to guess the character combinations that grant access to target accounts."
""One hour is all an attacker needs to crack three out of every five passwords they've found in a leak," Kaspersky noted."
A large study using over 231 million unique leaked passwords hashed with MD5 found that cracking is fast with GPU acceleration. Using a single Nvidia RTX 5090, 60% of passwords could be cracked in under an hour, and 48% could be cracked in under 60 seconds. Attackers can rent similar GPU resources from cloud providers for low cost, reducing barriers to cracking. The main driver is password predictability, where common patterns in exposed passwords allow attackers to optimize guessing and reduce the time needed to find valid character combinations. A comparison with a 2024 iteration indicates passwords are slightly easier to crack in 2026, by a few percent.
Read at theregister
Unable to calculate read time
Collection
[
|
...
]