Password brute forcing

A researcher named Jeremi Gosney has a setup with 25 GPUs and some extra equipment that he uses to crack password hashes. Cracking 8-character passwords in 5½ hours for the now “old” NTLM security is quite fast, and weaker schemes (like the default Windows XP scheme) fall even faster. Reading it just underlines that MD5 is not usable for secure hashing.

It is no surprise that fairly long and complex passwords are needed to avoid simple brute forcing. The interesting thing is that we now have off-the-shelf software to do distributed password cracking using GPUs (at home). I always consider Wi-Fi passwords to be good candidates – they are most likely “never” changed, so you only need to crack one once, and it can be done by passive sniffing and offline cracking, so no one will ever notice 🙂

And when it becomes that easy to calculate, I would expect the internet to be flooded with rainbow tables.
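To put numbers on "fairly long and complex", the following added example (not part of the original post) derives the guess rate implied by the 8-characters-in-5½-hours figure and computes how long a password must be to outlast it. Assumptions: the figure means exhausting all 8-character passwords over the 95 printable ASCII characters, and a slow password hash is modelled as a simple `work_factor` multiplier on the cost of one guess.

```python
# Added example: password-policy sizing from the post's NTLM figure.
# Assumption: "8 characters in 5.5 hours" = the full 95-symbol printable-ASCII keyspace.
PAGE_CHARSET = 95
PAGE_LENGTH = 8
PAGE_HOURS = 5.5
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(charset: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return charset ** length


def implied_rate(charset=PAGE_CHARSET, length=PAGE_LENGTH, hours=PAGE_HOURS) -> float:
    """Guesses per second needed to exhaust the keyspace in `hours`."""
    return keyspace(charset, length) / (hours * 3600)


def exhaust_hours(charset: int, length: int, rate: float, work_factor: int = 1) -> float:
    """Hours to try every password. `work_factor` is how many fast-hash
    computations one guess costs (hypothetical model of a slow, iterated hash)."""
    return keyspace(charset, length) * work_factor / rate / 3600


def min_length(charset: int, rate: float, years: float, work_factor: int = 1) -> int:
    """Shortest length whose full keyspace takes at least `years` to exhaust."""
    length = 1
    while keyspace(charset, length) * work_factor / rate < years * SECONDS_PER_YEAR:
        length += 1
    return length


if __name__ == "__main__":
    rate = implied_rate()
    print(f"implied rate: {rate:.3e} guesses/s")
    for n in range(8, 13):
        print(f"{n} chars, 95 symbols: {exhaust_hours(95, n, rate):,.1f} h")
    for label, cs, wf in [("printable ASCII, fast hash", 95, 1),
                          ("lowercase only, fast hash", 26, 1),
                          ("printable ASCII, 100k-iteration hash", 95, 100_000)]:
        print(f"{label}: need >= {min_length(cs, rate, 100, wf)} chars for 100 years")
```

Each extra character multiplies the attacker's time by the charset size, while the hash's work factor multiplies it once, which is why both length and a slow hash matter.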
