The amount of raw computing power found in a 25-GPU cluster is more than enough to take a crack at 6.6 quadrillion password combinations. Just in case your mind is boggled by the amount, let’s just put it simply. That amount is more than enough to check just about every possible eight-character password, ranging from upper/lower-case letters to digits and symbols in a matter of 5.5 hours. Microsoft’s NTLM cryptographic algorithm that has seen action since Windows Server 2003, is relatively weak and particularly insecure in some enterprise settings by today’s standards. Let’s just say that access to a hash of a workstation password, this machine will most probably take less than a day to crack it.
Of course, we are talking about this machine guessing passwords of up to eight characters within a reasonable time period, and throwing in an additional character (to nine characters in total) would take approximately 500 hours to crack. When you have 10 characters in the equation, then such a machine would consume 5.4 years of cracking time. Just how many characters does your password contain for most of your online accounts?