A new report from Hive Systems warns that advancements in GPUs are enabling unprecedented speed in password cracking. Short or simple keys no longer offer real protection against modern attacks.
As the power of graphics cards continues to increase, so does the ability for cybercriminals to breach security barriers that just a few years ago seemed impenetrable. This is the warning issued by Hive Systems in their latest update of the Password Table 2025, a comparative table that shows how long it would take an attacker to crack passwords using brute force attacks with the latest hardware.
In this edition, Hive has utilized twelve units of the new GeForce RTX 5090, NVIDIA’s most powerful GPU, to evaluate how long it would take to crack passwords protected by hashing algorithms like bcrypt. The results are as impressive as they are concerning.
GPUs Cracking Keys at Record Speeds
The study by Hive Systems shows that an eight-digit numeric password could be cracked in just 15 minutes with this graphical arsenal. If the key only includes lowercase letters, the time extends to three weeks, but if it combines letters and numbers, it would take 62 years. Adding symbols would extend the cracking time to 164 years. Nevertheless, these time frames are much shorter than those estimated just a few years ago.
Most notably, the comparison with the previous generation is striking: the RTX 5090 offers a 33% performance increase over the RTX 4090. In the case of more complex passwords, the improvement is even more significant: double the cracking speed for keys that combine uppercase and lowercase letters, numbers, and symbols.
Does This Mean We’re in Immediate Danger?
Partly yes, but with nuances. Hive Systems reminds us that these calculations assume an attacker has access to a database of hashed passwords (which happens in many large data breaches). Additionally, the bcrypt algorithm is designed to withstand such attacks, intentionally slowing down the decryption process.
Nonetheless, the results demonstrate that simple passwords are no longer a viable defense, and the advancements in hardware highlight outdated security practices.
What Can You Do to Protect Yourself?
The conclusion from Hive Systems is clear: passwords must be long and complex. It’s not enough to mix numbers and letters; using passphrases, password managers, and, when possible, multi-factor authentication is essential.
For example:
- A password like
12345678can be cracked in seconds. password2024might withstand for minutes.- But a phrase like
Café_ParaDos+EnInvierno2025could remain secure for centuries with current methods.
Moreover, Hive warns that this trend will continue: each new generation of GPUs will further reduce decryption times.
The Paradox of Power
Ironically, the same GPUs that drive advancements in artificial intelligence and next-generation video game graphics are also accessible to those who use them for illicit activities. Thus, tools created to enhance knowledge or entertainment can also accelerate digital crime.
The GeForce RTX 5090, still not commercially available in many regions, illustrates the growing chasm between offensive capabilities and current defensive practices in cybersecurity.
A Call to Action
With this table, Hive Systems offers a timely reminder: updating passwords remains one of the most effective actions to protect oneself. In a world where a massive attack can occur in minutes, using a strong key is not optional; it’s essential.