Use an 8-char Windows NTLM password? Don’t. Every single one can be cracked in under 2.5hrs

In a Twitter post on Wednesday, those behind the software project said a hand-tuned build of the version 6.0.0 HashCat beta, utilizing eight Nvidia GTX 2080Ti GPUs in an offline attack, exceeded the NTLM cracking speed benchmark of 100GH/s (gigahashes per second).

“Current password cracking benchmarks show that the minimum eight character password, no matter how complex, can be cracked in less than 2.5 hours” using that hardware rig, explained a hacker who goes by the pseudonym Tinker on Twitter in a DM conversation with The Register. “The eight character password is dead.”

Source: Use an 8-char Windows NTLM password? Don’t. Every single one can be cracked in under 2.5hrs • The Register