Start here and read to the end of the subthread.

Then read about bit-slicing, and vectorisation & parallelisation.

And when you think you're safe because those references all talk about Windows password schemes and piddly little 64-bit md5 hashes, go read about how a couple of hundred dollars spent on Field Programmable Gate Arrays make tackling your SHA512 hashes a realistic prospect.

Maybe you should have follow these links yourself first. The only related piece of data I found there is that guy cracked 6 characters SHA1 hashed password in 2 days 49 minutes, which doesn't even make me feel pity for SHA1. And how did you get from FPGA link that it makes possible to crack SHA512?

See "For the sake of completeness, the COPACOBANA FPGA implementation tops 2^16 Mencryptions/s.".

1. 1 FPGA hardware setup does 2^16 Millions SHA512 encrypts/second.
2. The typical 8-characters x 96 char alphabet 96^8 = 218340105584896;

B / A = 110,075 seconds or a bit over 30.5 hrs. Divide that by the number of FPGA setups you can afford.

Sure, if you can enforce your 16-chars and persuade people to use !"£$%^&*(... et al, the task becomes significantly harder.

But the point remains that it is not the size of the hash (2^512), but the size of the input (96^8, 62^16 etc.) that is the limiting factor.

Length is key. Alphabet size is second.

But keeping the salt secure goes a long way to ensuring the length, and making brute forcing completely infeasible.

---

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

The start of some sanity?