GPU Acceleration: Attacking Passwords with NVIDIA RTX Series Boards

June 24th, 2022 by Oleg Afonin
Category: «General»

Today’s data protection methods utilize many thousands (sometimes millions) hash iterations to strengthen password protection, slowing down the attacks to a crawl. Consumer-grade video cards are commonly used for GPU acceleration. How do these video cards compare, and what about the price-performance ratio? We tested five reasonably priced NVIDIA boards ranging from the lowly GTX 1650 to RTX 3060 Ti.

Why using a video card instead of a high-end multi-core CPU? A single NVIDIA RTX 3090 board can break passwords up to 600 times faster compared to 12th-generation Intel Core i9-12900K, while costing twice as much as Intel’s high-end CPU. Not everyone can afford a 3090, and not everyone needs it. Mid-range video cards can deliver respectable performance at a fraction of the flagship’s price.

Until today, the GPU market was extremely overheated. High-performance video cards were almost entirely consumed by crypto miners, skyrocketing the prices of all but the lowest-performing models. We attempted addressing the issue with heterogeneous GPU acceleration, a technology allowing the use of multiple video cards of different makes and models in the same computer. The technology (built into Elcomsoft Distributed Password Recovery) allows utilizing existing hardware in mix-and-match scenarios and postponing the upgrade.

Next, we looked around to find what was still available. We found a number of reasonably priced low-end video cards that could not be economically used for crypto-mining. We even toyed with the idea of using integrated GPUs built into many modern processors with some interesting results.

Today, GPU prices are in free fall. The highly anticipated NVIDIA Ada Lovelace and GeForce RTX 40-Series cards are around the corner, which lowers the demand on existing stock. Intel is about to enter the game with Xe-based Intel Arc Alchemist discrete GPUs, while AMD is refreshing its GPU range while teasing .

This time we tested the following five boards:

  1. NVIDIA GTX 1650
  2. NVIDIA RTX 3050
  3. NVIDIA RTX 3060
  4. NVIDIA RTX 2070
  5. NVIDIA RTX 3060 Ti

All the boards except the RTX 2070 were tested on the same system based on Intel’s Alder Lake i9-12900K CPU, while the RTX 2070 was tested in a workstation based on the Intel Core i5-8500 CPU. Note that GPU-accelerated attacks put little load onto the CPU (approximately 3 to 6 per cent utilization per CPU core), which makes such tests CPU-agnostic.


The benchmarks demonstrate an almost linear growth of performance depending on the video card – with one exception.

This is the exception: the RTX 2070 benchmarked higher than expected in the SHA-256 test. Since the other tests were consistent, and since we had to use a different workstation to benchmark this card, we’d recommend taking this result with a grain of salt.

Price/performance ratio

Our price/performance charts are based on today’s mid-market prices in Germany. We based the “performance” part on the WinZip/AES-256 benchmark using the latest and highly optimized version of Elcomsoft Distributed Password Recovery. While not perfect, this method allowed us to do a more-or-less fair price/performance comparison.

Normalized price/performance assumes the p/p of a CPU-only attack as a “1”

Model Passwords/sec Price, EUR Price/performance
GTX 1650 1440000 186 1,00
RTX 3050 1860000 297 0,81
RTX 3060 2650000 377 0,91
RTX 2070 3200000 478 0,86
RTX 3060 Ti 3440000 549 0,81

The numbers from the benchmarks and this table allow us making a simple conclusion: with NVIDIA, you get what you pay for. NVIDIA RTX 3060 Ti is naturally the fastest and GTX 1650 the slowest model with linear scalability. There are no significant deviations in price/performance that would make a certain model stand out, except that we don’t recommend buying past generation video cards today unless you can source them below market prices. The GTX 1650 only ‘wins’ in the price/performance listing because of the very low costs being such an old model. If you can source a certain model above or below these listed prices, your price/performance ratio will be different.



Elcomsoft Distributed Password Recovery

Build high-performance clusters for breaking passwords faster. Elcomsoft Distributed Password Recovery offers zero-overhead scalability and supports GPU acceleration for faster recovery. Serving forensic experts and government agencies, data recovery services and corporations, Elcomsoft Distributed Password Recovery is here to break the most complex passwords and strong encryption keys within realistic timeframes.

Elcomsoft Distributed Password Recovery official web page & downloads »