Hyperbole is just about as bad as murder.
It's not hyperbole, a rainbow table will give you instant plaintext for 95% of your passwords. And even if you don't want to use one, an off-the-shelf high-end graphic card (~$500) can compute 10 billion md5 hashes per second, plug that in a not-completely-retarded brute-forcer (jack the ripper, oclhashcat) and you've got pretty much the whole database as plaintext in hours tops.
The only passwords you won't have plaintexted are those so complex you know the user doesn't reuse them anyway.
155a7a01308fa0807f722c5984bd91fb
---
I find "high-end graphic card (~$500) can compute 10 billion md5 hashes per second" a bit unbelievable [but that's progress for ya]. So that's roughly all possible alphanum characters of stringlen 6, each second.
So if my calculation is correct (assuming 60 alphanum chars randomly chosen) that's only 7000 years to calculate all 12 char strings?
Yes I realise that md5'ed password strings aren't random nor usually particularly long. Just saying.
You may want to read the last phrase of my comment.
> I find "high-end graphic card (~$500) can compute 10 billion md5 hashes per second" a bit unbelievable
And yet those are the numbers oclhashcat lite publishes for 0.10 on a stock Radeon HD6990 (10886.3M c/s): http://hashcat.net/oclhashcat-lite/
> Yes I realise that md5'ed password strings aren't random
Which is the whole point, and the knowledge the tools I mentioned use: https://community.qualys.com/blogs/securitylabs/2012/06/08/l... (note: the article is about sha1 hashes — which are about 3 times as expensive to compute as md5 — and is done on an older CPU, not GPU-assisted hashing)
> Just saying.
Just saying absolutely nothing?
At the highest level, you're missing the issue of specialization and parallelization.
This misunderstanding is partly alluded to by your surprise at the power of GPUs to hash passwords. GPUs can have hundreds or even thousands of what you might think of as "cores", but they're very specialized cores that are only suited to certain kinds of operations. Those operations were originally intended for the problem domain of high-performance graphics, but as it happens, many of those same operations mesh very well with cryptographic hashes. In essence, we've all got specialized massively-parallel password-cracking supercomputers sitting on our desks.
Take this up a level, and you might see the most obvious implication: More $500 graphics cards, more passwords cracked in a given timeframe. Very naïvely speaking, 7,000 $500 graphics cards, $3.5 million. You've just gained the ability to hash every one of those 12-character strings in one year for the cost of a funding round. Oops.
Relatedly, you're talking about cracking a password. That's wrong. Nobody cares about cracking your password, or my password. They're going after passwords, in a massively plural sense.
Start with 100,000 md5 password hashes. Assume the passwords are all 12 characters (they're not) and they're randomly generated (again, not). You don't conduct a brute-force search for every hash, you conduct a brute force search for 100,000 hashes. 7,000 years divided by 100,000 hashes is 25.55 days. With a $500 graphics card, the crackers can brute-force a password every month.
Now, once you realize that the entropy in the average password is not even within an order of magnitude of 60^12, you might begin to see the problem. You'd be lucky to find a password that's 36^8.
That purported 7,000 years is starting to look a lot smaller, isn't it?
This is why we have things like bcrypt and PBKDF2.
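The arithmetic from the comment above, and the reason a salted, iterated KDF changes it, as an added example that is not part of the thread. The sample passwords, candidate list and iteration count are constructed, and counting one PBKDF2 iteration as one md5 is a simplifying assumption that understates the real cost.

```python
import hashlib
import os

GPU_MD5_RATE = 10_000_000_000      # md5 hashes/s, the figure quoted in the thread
SECONDS_PER_YEAR = 365 * 24 * 3600

def exhaust_seconds(alphabet, length, rate=GPU_MD5_RATE, work_factor=1):
    """Seconds to hash every string of `length` symbols from `alphabet`.
    work_factor: hash operations per guess (assumption: one KDF iteration
    costs about one md5, which understates the real cost)."""
    return alphabet ** length * work_factor / rate

def store_md5(password):
    return hashlib.md5(password.encode()).hexdigest()

def store_pbkdf2(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def cost_unsalted(stored, candidates):
    """Unsalted md5: each candidate is hashed once and compared with every
    stored hash, so the work does not grow with the number of accounts."""
    digests = {store_md5(c) for c in candidates}
    return len(candidates), sum(h in digests for h in stored)

def cost_salted(stored, candidates, iterations):
    """Salted PBKDF2: every (account, candidate) pair needs its own
    computation of `iterations` rounds. Returns the worst-case work."""
    matched = sum(
        any(store_pbkdf2(c, salt, iterations) == digest for c in candidates)
        for salt, digest in stored)
    return len(stored) * len(candidates) * iterations, matched

# Constructed sample data, for illustration only.
PASSWORDS = ["letmein", "letmein", "dragon", "x9$Lq!v2Tz#p"]
CANDIDATES = ["123456", "letmein", "dragon"]
DEMO_ITERATIONS = 1000             # kept small so the demo runs fast

if __name__ == "__main__":
    print("60^12 at 10G/s: %.0f years" % (exhaust_seconds(60, 12) / SECONDS_PER_YEAR))
    print("36^8  at 10G/s: %.0f seconds" % exhaust_seconds(36, 8))
    md5_db = [store_md5(p) for p in PASSWORDS]
    salts = [os.urandom(16) for _ in PASSWORDS]
    kdf_db = [(s, store_pbkdf2(p, s, DEMO_ITERATIONS)) for s, p in zip(salts, PASSWORDS)]
    print("unsalted md5 (hash ops, accounts matched):", cost_unsalted(md5_db, CANDIDATES))
    print("salted PBKDF2 (hash ops, accounts matched):", cost_salted(kdf_db, CANDIDATES, DEMO_ITERATIONS))
```

The unsalted count stays at the size of the candidate list however many accounts are stored, while the salted count scales with accounts times candidates times iterations.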