GPU-based password cracking

  • Bakker M
  • Van Der Jagt R
Citations of this article
Mendeley users who have this article in their library.


In this research the following question is answered: what should KPMG advice their clients regarding to password length and complexity, now GPU-based password cracking has become a reality. To be able to answer this question, tests with different tools and hashes were performed on a system with four high end GPUs. The test system showed an improvement of a factor fourteen in brute force speed in comparison with modern CPUs. KPMG's advice to their clients regarding password length and complexity should be one of the following (this applies to all the hashes that were researched): • Nine or more characters with lower and upper case letters, digits and punctuation marks. • Ten or more characters with lower and upper case letters and digits. • Twelve or more characters with lower case letters and digits. 2




Bakker, M., & Van Der Jagt, R. (2010). GPU-based password cracking. Retrieved from

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free