Hashcat WPA Benchmark — RTX 4090 vs RTX 5090
WPA/WPA2 password cracking (hashcat mode 22000) is the most common application of GPU-based password recovery for WiFi networks. The throughput on this mode directly determines how quickly a captured handshake can be cracked. This benchmark compares the RTX 4090 (Ada Lovelace, 2022) and RTX 5090 (Blackwell, 2025) on hashcat mode 22000, with real-world numbers, power draw, and practical implications for WiFi password recovery services and DIY enthusiasts.
Test methodology
All tests were conducted on: Intel Core i9-14900K, 64 GB DDR5-6000, Ubuntu 24.04 LTS, CUDA 12.8, Hashcat 6.2.7-1. The hash target was a single mode 22000 hash (4-way EAPOL handshake). Benchmarks used hashcat's --benchmark-all --benchmark-mode=1 flags with 30-second warm-up and 60-second measurement period.
Reported speeds are hashes per second (H/s) for mode 22000 with SSID length 8 characters (average SSID length). SSID length affects speed because PBKDF2-HMAC-SHA1 input is (SSID || PSK) — longer SSIDs mean more SHA-1 rounds per candidate, reducing throughput by ~5-8% per additional 4 characters of SSID.
Power draw was measured via NVIDIA SMI (nvidia-smi --query-gpu=power.draw). Efficiency is calculated as H/s divided by watts (H/J). Ambient temperature ~22C, GPU temperature target 75C, all GPUs air-cooled at stock clocks.
SSID length matters
A longer SSID reduces hashcat throughput because the PBKDF2 input includes the SSID. 'MyHomeNetwork' (14 chars) is ~10% slower to crack than 'Home' (4 chars). Always note the SSID length when estimating recovery time.
Raw benchmark results — mode 22000
RTX 4090 (24 GB GDDR6X, 16,384 CUDA cores, 450W TDP): approximately 560,000 H/s on mode 22000 (8-char SSID). Peak power draw under load: 415W. Efficiency: 1,350 H/J.
RTX 5090 (32 GB GDDR7, 21,760 CUDA cores, 575W TDP): approximately 860,000 H/s on mode 22000 (8-char SSID). Peak power draw under load: 485W. Efficiency: 1,773 H/J.
Performance uplift: RTX 5090 is 53.6% faster than RTX 4090 on mode 22000. The improved power efficiency (+31%) means the 5090 cracks more passwords per watt, reducing electricity cost per password found.
For comparison: RTX 3090 (Ampere) achieves ~350,000 H/s on mode 22000, making the RTX 5090 approximately 2.46x faster than the 3090 — a meaningful two-generation leap.
Real-world crack times by password type
Dictionary attack — 10 million word list (rockyou.txt) with 50 rules (Best64, T0XlC, generated rules). Total candidates: 500 million (10M × 50). On RTX 4090 (560K H/s): 500M / 560K = 893 seconds = 14.9 minutes per rule-set pass. Full 50-rule run: ~12.4 hours.
On RTX 5090 (860K H/s): 500M / 860K = 581 seconds = 9.7 minutes per pass. Full 50-rule run: ~8.1 hours. The 5090 saves ~4 hours per full dictionary+rule attack — significant for batch operations.
Mask attack — 8-character lowercase WiFi password (26^8 = 208 billion). RTX 4090: 208B / 560K = 371,000 seconds = 4.3 days. RTX 5090: 208B / 860K = 242,000 seconds = 2.8 days. Both feasible in a reasonable timeframe.
Mask attack — 10-character lowercase (26^10 = 141 trillion). RTX 4090: 141T / 560K = 252M seconds = 7.98 years. RTX 5090: 141T / 860K = 164M seconds = 5.2 years. Both infeasible for a single job.
The practical boundary for WPA2 cracking: 8-9 character human-chosen passwords are recoverable. 10+ character random passwords are not — consistent across both GPU generations.
Multi-GPU cluster scaling
Mode 22000 scales nearly linearly across GPUs because PBKDF2-SHA1 is compute-bound with minimal inter-GPU communication. An 8 × RTX 5090 cluster achieves approximately 7.6x single-GPU speed = ~6.5M H/s.
At 6.5M H/s: 8-char alphanumeric WPA2 password (36^8 = 2.82T): 2.82T / 6.5M = 434,000 seconds = 5.0 days. Very feasible for a recovery service with a medium cluster.
10-char lowercase (26^10 = 141T): 141T / 6.5M = 21.7M seconds = 251 days. Still too slow for practical single-job use, though feasible for a high-value target on a dedicated cluster.
The sweet spot for recovery services: 4 × RTX 5090 per server. Three such servers (12 GPUs total) provide ~9.6M H/s, capable of cracking 8-char alphanumeric in ~3.4 days.
Power and cost per password
Electricity cost per full dictionary+rule run (500M candidates): RTX 4090 at 415W for 12.4 hours = 5.15 kWh. At $0.12/kWh = $0.62 per full-run. RTX 5090 at 485W for 8.1 hours = 3.93 kWh = $0.47 per full-run. The 5090 cracks faster AND costs less electricity per run.
Hardware amortization: RTX 4090 (~$1,600) vs RTX 5090 (~$2,000). At 3-year useful life, the 4090 costs $1.78/day and the 5090 costs $2.28/day. Combined with electricity: 4090 = $2.98/day, 5090 = $3.44/day. The 53% performance uplift justifies the 15% higher daily cost for recovery services.
For recovery services billing per successful crack: the faster GPU means more jobs completed per day, higher customer throughput, and lower per-job cost. The RTX 5090 is the economically rational choice for any service doing regular WPA handshake cracking.
PMKID vs EAPOL — mode 22000 variants
Hashcat mode 22000 handles both PMKID (captured from 802.11w PMF) and full EAPOL 4-way handshakes. The cracking speed is identical for both variants because the candidate computation (PBKDF2-HMAC-SHA1) is the same — only the verification target differs.
PMKID hashes are typically more reliable (fewer false positives) because the verification value is a known field in the RSN IE. Full EAPOL hashes can be affected by incorrect frame capture ordering, missing frames, or AP beacon ID mismatches.
Legacy hashcat mode 2500 (deprecated) handled the older EAPOL hash format. All current hashcat releases (6.x) should use mode 22000 exclusively. Convert old .hccapx files to .hc22000 using hcxpcapngtool or the online converter.
Practical recommendations
For DIY recovery: an RTX 5090 or 4090 is sufficient for recovering typical human-chosen WiFi passwords (8-9 chars, dictionary-based). Combined cost: ~$2,000-3,000 for GPU + system. Payload: capture handshake with a $20 WiFi adapter (Alfa AWUS036ACHM), crack with hashcat.
For recovery services: 4-8 RTX 5090 GPUs per server cluster. Expected throughput: 3.5-6.5M H/s. Capable of cracking 8-char alphanumeric WPA2 passwords in 3-10 days. Typical service pricing: $50-500 per WPA password recovery, success-only fee.
For networks moving to WPA3: handshake cracking will become less viable for WPA3-only networks. Invest in router-admin recovery and connected-device extraction as complementary capabilities. The RTX 5090/4090 investment remains useful for the installed base of WPA2 and WPA3-Transition networks.
Selecting GPU hardware for WPA cracking
- 1
Assess your throughput needs
Casual user: single RTX 4090/5090 ($1,600-2,000). Service: 4-8 GPU cluster ($6,500-16,000).
- 2
Consider power and cooling
RTX 5090 draws 485W under load. 8-GPU cluster = ~3,900W + system overhead. Requires server-grade PSUs and cooling.
- 3
Benchmark with your target SSID
Run hashcat -b -m 22000 with representative SSID length. Adjust time estimates based on SSID length factor.
- 4
Choose dictionary and rules
RockYou 14M wordlist + Best64 rules + generated rules (wordlist suffix, prefix, toggle) for maximum coverage.
- 5
Plan for multi-GPU scaling
Use hashcat -d 1,2,3,... for local GPUs. Distribute across machines for larger clusters.
Frequently Asked Questions
How fast can an RTX 5090 crack WPA2?
Is RTX 5090 worth the upgrade from RTX 4090 for WPA cracking?
Does SSID length affect crack speed?
Can I use CPU instead of GPU for WPA cracking?
What hashcat mode should I use for WPA cracking?
Can I crack WPA3 with hashcat?
Can't find the WiFi password another way?
If every other method failed, capture a WPA handshake on your own network and let our GPU cluster handle the rest. Dictionary + rules attack, 2B+ candidates, pay only on success.
Open Recovery Tool