But after all this talk of GPUs and algorithms and hash speeds there’s one really, really simple solution that will take you 60 seconds to implement and will make your passwords near uncrackable. It’s this:
<add name="AspNetSqlMembershipProvider" minRequiredPasswordLength="30"
minRequiredNonalphanumericCharacters="5" />
That’s it – increase the length and complexity requirements to the point that it’s highly likely any chosen passwords will be unique, not to mention outside the range of most default cracking patterns. Unfortunately, of course, nobody in their right mind is going to demand this degree of complexity, because most users don’t have a means of tracking unmemorable passwords. It’s a shame though, because that’s pretty much all our cracking problems solved right there.
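For context, this is where that element sits in a complete web.config membership section. It is an added example, not taken from the original post; the connectionStringName and applicationName values are assumed placeholders.

```xml
<!-- Added example; connectionStringName and applicationName are assumed placeholders. -->
<system.web>
  <membership defaultProvider="AspNetSqlMembershipProvider">
    <providers>
      <!-- machine.config already registers a provider under this name;
           clear the inherited entry or the duplicate name fails at startup. -->
      <clear />
      <!-- Framework defaults when the attributes are omitted:
           minRequiredPasswordLength="7", minRequiredNonalphanumericCharacters="1". -->
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="ApplicationServices"
           applicationName="/"
           passwordFormat="Hashed"
           minRequiredPasswordLength="30"
           minRequiredNonalphanumericCharacters="5" />
    </providers>
  </membership>
</system.web>
```

The provider checks these limits only when a password is created or changed, so existing accounts keep their old passwords until the next change.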
But let me wrap this up with the following quote from the preface of Bruce Schneier’s Applied Cryptography:
There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.
This does indeed appear to be the case and unfortunately SHA is now firmly in the former category.