We must start from the fact that the main chip of a graphics card is not a processor like those of Intel and AMD, however, they can run small programs called shaders in parallel. These are meant to be run on a specific part of the graphics pipeline and are meant to manipulate a graphics primitive. Obviously, in the realm of the GPU itself, it is just binary encoded data and therefore can be used to manipulate any data, so that we can run any algorithm on it. What if it was the password for something important?
Why are graphics cards used to crack passwords?
For the simple fact that they have more cores than a CPU, for example, Intel’s i9-13900K has 24 cores in total, but the most powerful GPU right now is the RTX 4090, which has 128. So that the complexity of a processor core is 10 times greater, this is not the case for the work of cracking a password. Our goal is to get the password with a graphics card, trying all possible combinations.
Is it an easy job? No, because the complexity of a password depends on the number of characters that compose it and the variety of these. Also, internal systems often use extended character maps such as UNICODE to encrypt certain information internally. So forget the myth of the super hacker in the movies who breaks into a maximum security place in seconds.
The main difference between graphics and computing on a graphics card is that while the former depend on a single list of screens, the latter type of applications do not, which allows us to have several of them to get passwords. For example, mining RIGs can be used for such a task.
Which application is generally used?
Well there is an app called for that hashcat, that its programmers have made it so that users can use their computer’s GPU to recover forgotten passwords. It works on any GPU as it is developed in OpenCL and also with any operating system, also supporting macOS and Linux.
However, it’s not a snap of the fingers and that’s it, even taking advantage of multiple high-end graphics cards it can take hours for all passwords to be tried on the same system. For example, they recently tested eight RTX 4090s mounted in parallel on a mining rig to crack a complex eight-character password in up to 48 minutes. The time it took them to discover the 200,000,000,000 possible passwords. That’s an average of 7.24 ms per password.
In reality, all this is not without the same principles as that of cryptocurrency mining. We must start from the fact that when trying to crack a remote password, it is necessary for the other system to respond if it is correct or not. So there is additional latency, in addition to having a large number of checks very quickly, the system can crash due to the large number of requests.