Study Shows $30,000 AI GPUs Outperform Consumer GPUs in Password‑Cracking Benchmarks
What Happened – Researchers from Specops Software benchmarked two high‑end AI accelerators (Nvidia H200 and AMD MI300X) and a top‑tier consumer GPU (Nvidia RTX 5090) using Hashcat. Across five common hash algorithms, the AI GPUs delivered comparable or superior hash rates, demonstrating that $30 k AI hardware can dramatically accelerate password‑cracking workloads.
Why It Matters for TPRM –
- Third‑party AI hardware, if repurposed after an AI project, becomes a potent brute‑force tool for attackers.
- Organizations must assess the security posture of vendors that own or lease such accelerators, especially when they handle credential‑related services.
- Password‑policy and hashing algorithm choices (e.g., moving from fast NTLM to slower bcrypt/argon2) directly affect exposure to high‑speed GPU attacks.
Who Is Affected – Enterprises across all sectors that rely on password‑based authentication, especially those using Active Directory, cloud IAM services, or third‑party SaaS platforms.
Recommended Actions –
- Review contracts with vendors that operate AI‑grade GPUs to ensure they enforce strict usage controls and data‑segregation.
- Upgrade password‑hashing algorithms to slower, memory‑hard functions (e.g., bcrypt, argon2).
- Enforce multi‑factor authentication (MFA) to mitigate the impact of credential cracking.
- Conduct periodic GPU‑performance assessments to gauge potential cracking capabilities.
Technical Notes – The benchmark used Hashcat on MD5, NTLM, bcrypt, SHA‑256, and SHA‑512. Results:
- MD5: RTX 5090 219.5 GH/s > MI300X 164.1 GH/s > H200 124.4 GH/s
- NTLM: RTX 5090 340.1 GH/s > MI300X 268.5 GH/s > H200 218.2 GH/s
- bcrypt: H200 375.3 kH/s (fastest) > RTX 5090 304.8 kH/s > MI300X 142.3 kH/s
- SHA‑256: RTX 5090 27.68 GH/s > MI300X 24.67 GH/s > H200 15.09 GH/s
- SHA‑512: RTX 5090 5.17 GH/s > MI300X 4.73 GH/s > H200 3.68 GH/s
Source: BleepingComputer – Is a $30,000 GPU Good at Password Cracking?