by inglor 3662 days ago
From what I can tell with reasonable password length SHA512 still seems relatively secure. I'm not saying there is any reason you should use it - but if it does 8624.7Mh/s and your password is JUST numbers, lowercase and uppercase English letters and it's only 10 characters it would still take it (26+26+10)^10 / 8624.7Mh/s ~= 83929936 seconds which is still about 3 years for a single hash.

If it's 12 characters - then you're up to 10,000 years.

1 comments

True - reasonable password length being the important factor. I was basing my calculations on 8 character passwords.

At my university we were forced to use passwords that are exactly 8 characters long, for some ridiculous reasons. And this was meant to be one of the top universities in Australia...

It's because the internet is full of monkeys: http://security.stackexchange.com/questions/33470/what-techn...

> Originally, some developer, somewhere, was working on an old Unix system from the previous century, which used the old DES-based "crypt", actually a password hashing function derived from the DES block cipher. In that hashing function, only the first eight characters of the password are used (and only the low 7 bits of each character, as well). Subsequent characters are ignored. That's the banana.

(not only) Extremely common of any kind of organization where there have been computers for more than 3 decades.
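The truncation described in the quoted Stack Exchange answer, as an added example that is not part of the thread: it models only the key setup of traditional DES-based crypt (first eight bytes, low 7 bits each), not the salted DES rounds that follow. The function names and sample passwords are constructed for illustration.

```python
from collections import defaultdict


def des_crypt_key(password: bytes) -> bytes:
    """Return the 8 key bytes traditional DES crypt builds from a password.

    Only the first eight bytes are read; each keeps its low 7 bits, shifted
    left by one so the unused DES parity bit is bit 0. Short passwords are
    zero-padded. The salted DES encryption that follows is not modelled.
    """
    key = bytearray(8)
    for i, byte in enumerate(password[:8]):
        key[i] = (byte & 0x7F) << 1
    return bytes(key)


def colliding_groups(passwords):
    """Group passwords that the key setup cannot tell apart."""
    groups = defaultdict(list)
    for pw in passwords:
        groups[des_crypt_key(pw)].append(pw)
    return [group for group in groups.values() if len(group) > 1]


# Constructed sample passwords (not from the thread).
SAMPLE = [
    b"correcthorse",     # differs from the next entry only after byte 8
    b"correcthbattery",
    b"passw\xe9rd",      # 0xE9 differs from "i" (0x69) only in the high bit
    b"passwird",
    b"hunter2",          # shorter than 8 bytes, zero-padded, no collision
]

if __name__ == "__main__":
    for group in colliding_groups(SAMPLE):
        print("same DES-crypt key:", group)
    # 8 bytes x 7 bits: no password policy can exceed this many distinct keys.
    print("upper bound on distinct keys: 2**56 =", 2 ** 56)
```

Running a password policy or test corpus through `colliding_groups` shows which entries such a legacy hash would treat as identical, which is why an 8-character cap usually points to this function still being in use somewhere behind the login.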