by clarkmoody 5225 days ago
The article mentions salted SHA-1, which is much more resistant to attack.

Obviously, more rounds and unique salts per user would yield better results, regardless of the hashing scheme employed.


You can salt all you want, but an 8 character password with a single round is going to fall very, very fast. Salt, being public, has nothing to do with it.
It does however mean you have to spend two days per password, rather than two days for the entire user base, or ten minutes with a pre-existing lookup table.
No, consumer GPUs can do almost a billion SHA1 hashes per second now. We're talking seconds to minutes for "complex" passwords, not days.

http://codahale.com/how-to-safely-store-a-password/
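The thread's two points, that a public per-user salt only stops precomputed tables and batch attacks while an iterated hash is what actually raises the per-guess cost, can be shown directly. The following is an added example written for this page, not code from the thread or from the linked article. It uses a constructed weak password, fixed demo salts and a lowercase-only alphabet so the brute force finishes in seconds, and uses PBKDF2-HMAC-SHA1 from the Python standard library as the iterated scheme; the iteration count and the assumption that the attacker knows the salt are stated in the code.

```python
"""Why a per-user salt does not slow a guesser, but iterations do.

Added example for this thread; not code from the thread or the linked article.
All passwords, salts and the alphabet are constructed demo values.
"""
import hashlib
import hmac
import itertools
import string
import time

ALPHABET = string.ascii_lowercase      # tiny keyspace so the demo finishes in seconds
DEMO_PASSWORD = b"ab"                  # deliberately weak, constructed for the demo
SALT_USER1 = b"\x01" * 16              # constructed; real salts come from os.urandom(16)
SALT_USER2 = b"\x02" * 16              # constructed second user, same password
ITERATIONS = 10_000                    # modest work factor; production would use far more


def salted_sha1(password: bytes, salt: bytes) -> bytes:
    """One round of SHA-1 over salt||password, the scheme the thread calls 'salted SHA-1'."""
    return hashlib.sha1(salt + password).digest()


def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Same primitive, iterated: every guess now costs `iterations` HMAC-SHA1 calls."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)


def brute_force(stored: bytes, salt: bytes, hash_fn, max_len: int = 3):
    """Enumerate lowercase candidates shortest-first, as an attacker who has read the
    salt from the stolen database would. Returns (password or None, guesses made)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(ALPHABET, repeat=length):
            candidate = "".join(combo).encode()
            guesses += 1
            if hmac.compare_digest(hash_fn(candidate, salt), stored):
                return candidate, guesses
    return None, guesses


def salt_defeats_lookup_table() -> bool:
    """Two users with the same password get different hashes, so one precomputed
    table (or one batch of guesses) cannot cover both users at once."""
    h1 = salted_sha1(DEMO_PASSWORD, SALT_USER1)
    h2 = salted_sha1(DEMO_PASSWORD, SALT_USER2)
    return h1 != h2


def guesses_to_crack(hash_fn) -> int:
    """Number of candidates tried before the demo password falls.
    The salt is known, so this count is the same for any hash function."""
    stored = hash_fn(DEMO_PASSWORD, SALT_USER1)
    found, guesses = brute_force(stored, SALT_USER1, hash_fn)
    assert found == DEMO_PASSWORD
    return guesses


def time_to_crack(hash_fn) -> float:
    """Wall-clock seconds for the same brute force; this is where iterations matter."""
    stored = hash_fn(DEMO_PASSWORD, SALT_USER1)
    start = time.perf_counter()
    brute_force(stored, SALT_USER1, hash_fn)
    return time.perf_counter() - start


def slowdown_factor() -> float:
    """How many times longer the iterated hash makes the identical guess sequence."""
    fast = time_to_crack(salted_sha1)
    slow = time_to_crack(pbkdf2_sha1)
    return slow / max(fast, 1e-9)


if __name__ == "__main__":
    print("salt defeats lookup table:", salt_defeats_lookup_table())
    print("guesses, salted SHA-1:", guesses_to_crack(salted_sha1))
    print("guesses, PBKDF2-SHA1:  ", guesses_to_crack(pbkdf2_sha1))
    print(f"PBKDF2 slowdown vs single-round SHA-1: {slowdown_factor():.0f}x")
```

The guess count is identical for both schemes because the salt is public and the attacker simply includes it in every guess; only the per-guess cost changes, and it changes by roughly the iteration count. The absolute timings here are single-threaded CPU Python and say nothing about the GPU rates quoted in the thread; the ratio is the point.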