Specops Research: Cracking Bcrypt: Is New-Gen Hardware/AI Making Password Hacking Faster?

Almost two years ago, the Specops research team analyzed how long it took to crack passwords hashed with the bcrypt algorithm.

Using newer, more powerful hardware, the researchers revisited that research and created a new table of bcrypt cracking times in the just-published report "Cracking bcrypt: New-gen hardware speeds up password hacking". The reason for the revisit is twofold: the AI boom causing a glut of consumer hardware, and the arms race in consumer graphics performance.

The focus on compute power for both consumers and enterprises, whether for general-purpose compute (GPGPU) or training LLMs, has caused arguably all three major graphics vendors to focus more heavily on compute performance than they may have in the past. This shows in the performance of Nvidia’s recent 50-series, as well as AMD’s upcoming transition to the ‘UDNA’ architecture. The Specops research team investigated what this boom and renewed focus on compute mean for the difficulty of cracking a leaked password hash, and for the future security of passwords.

Short, non-complex passwords can still be cracked relatively quickly, highlighting the huge risks of allowing users to create weak (yet very common) passwords such as ‘password’, ‘123456’, and ‘admin’. However, the high cost factor of bcrypt, a deliberately slow hashing algorithm, makes longer passwords extremely secure against brute-force attacks. Once a combination of characters is used in passwords over 12 characters in length, cracking quickly becomes a near-impossible task for hackers. This shows the value of enforcing longer passwords.

This research coincides with the latest addition of over 70 million compromised passwords to the Specops Breached Password Protection service. These passwords come from a combination of our honeypot network and threat intelligence sources.

To view the complete Specops research report, visit "Cracking bcrypt: New-gen hardware speeds up password hacking".
