We have to start from the fact that the main chip of a graphics card is not a processor like those of Intel and AMD, however, they can run small programs in parallel called shaders. These are intended to be executed on a specific part of the graphics pipeline and are intended to manipulate a graphics primitive. Obviously, in the realm of the GPU itself, this is just binary-encoded data and can therefore be used to manipulate any data, so we can run any algorithm on it. What if this is the password for something important?
Why are graphics cards used to crack passwords?
For the simple fact that they have more cores than a processor, for example, Intel’s i9-13900K has 24 cores in total, but the most powerful GPU currently is the RTX 4090, which has 128 of them. While the complexity of a CPU core is 10 times greater, for the job of cracking a password it is not. Our objective is to obtain the password with a graphics card, trying all the possible combinations of it.
Is it an easy job? No, since the complexity of a password depends on the number of characters that make it up and the variety of these. Furthermore, many times internal systems use extended character maps such as UNICODE to encrypt certain information internally. So forget about the myth of the super hacker in the movies who breaks into a maximum security location in seconds.
The main difference between graphics and computing on a graphics card is that while the former depend on a single screen list, the latter type of applications does not, which allows us several of them to obtain passwords. For example, mining RIGs can be used for such a task.
What application is usually used?
Well, there is an application called for it hashcat, that its programmers made it so that users could use the GPU of their computer to recover the passwords they have forgotten. This works on any GPU as it is developed in OpenCL and also with any operating system, also supporting macOS and Linux.
However, it is not a snap of the fingers and that’s it, even taking advantage of several top-of-the-range graphics cards it can take hours for all passwords to be tried on the same system. For example, they recently tested eight RTX 4090s in parallel mounted on a mining rig to crack a password with eight complex characters in a maximum of 48 minutes. Time that has served them to discover the 200,000,000,000 possible passwords. That is, an average of 7.24 ms per password.
In reality, all this is not without the same principles as that of cryptocurrency mining. We have to start from the fact that when trying to crack a remote password it is necessary for the other system to answer if it is correct or not. So there is additional latency, in addition to having a large number of checks very quickly, the system can collapse due to the large number of demands.