Adrian Johnson
TLDR:
- Researchers found that 59% of real-world passwords could be cracked within an hour using modern GPUs and technical knowledge.
- Password hashing with salt can significantly increase password security by creating unique combinations for each user.
In a survey conducted by researchers, it was discovered that a worrying 59% of real-world passwords leaked on the dark web could be cracked within an hour using just a modern graphics card and some technical knowledge. This highlights the weakness of many real-world passwords and the effectiveness of brute-force attacks with GPUs. Password cracking involves retrieving the original password from its hashed form, which is traditionally stored in plain text, making them vulnerable to data breaches. Modern systems use hashing algorithms like SHA-1 to convert passwords into unique, fixed-length hash values to enhance security.
To address this vulnerability, password hashing with salt incorporates a random data string (salt) before applying a hashing function, creating unique password-salt combinations for each user. This method significantly increases the difficulty of cracking passwords and renders pre-computed rainbow tables ineffective for attackers. Modern GPUs, such as the RTX 4090 paired with hashcat, can analyze billions of hashes per second, making password cracking faster and more efficient.
Using a combination of brute-force and smart-guessing algorithms, researchers were able to crack 45% of passwords in under a minute and 59% within an hour. Smart-guessing algorithms prioritize common character combinations, emphasizing that cracking all passwords in a database takes roughly the same time as cracking one due to the database of hashed passwords. Password cracking algorithms leverage human predictability and biases, making passwords containing common phrases, dates, and patterns vulnerable to dictionary attacks.
Overall, it is crucial to use strong, unique passwords and avoid basic substitutions or popular words to enhance password security and protect against hacking attempts. Implementing password hashing with salt and avoiding common character combinations can significantly reduce the risk of password cracking and data breaches.
