Flutterby™! : Short passwords, fast hashes

25 GPU cluster can crack every standard Windows password in 6 hours.

It achieves the 350 billion-guess-per-second speed when cracking password hashes generated by the NTLM cryptographic algorithm that Microsoft has included in every version of Windows since Server 2003. As a result, it can try an astounding 95⁸ combinations in just 5.5 hours, enough to brute force every possible eight-character password containing upper- and lower-case letters, digits, and symbols. Such password policies are common in many enterprise settings. The same passwords protected by Microsoft's LM algorithm—;which many organizations enable for compatibility with older Windows versions—;will fall in just six minutes.

In case anyone's wondering, Flutterby passwords are stored as SHA512 hashes. Of course we submit them (and the cookie which identifies you) via unencrypted HTTP, mostly because I don't think the modern CA system actually makes HTTPS all that secure.