>1 billion/sec, wow, that's more than I expected, but I think the title is slightly hyperbolic; this is not the death of passwords.
It should, I hope, be the death of using fast hashes for password authentication though. If it's possible to compute 3 billion hashes per second, then you need to come up with a hashing algorithm that takes a thousand times longer to run, and then you can only brute force 3 million hashes per second.
For example, LastPass uses 100,000 rounds of PBKDF2. If computers get 10 times faster they can just up that factor to a million and it will still take the same amount of time to brute force. At various times the number of bits being used behind the scenes will probably need to increase, but that can be transparent to users.
Of course, I don't trust every site on the internet to do this, so yes, hurray LastPass.
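
The transparent work-factor increase described in the comment above, as an added example that is not part of the original post and not LastPass's code: the iteration count is stored next to each hash, so a record can be re-hashed at a higher count the next time the user logs in successfully. The record format, function names and the SHA-256 choice are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed record format (hypothetical): "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>"
SCHEME = "pbkdf2_sha256"
TARGET_ITERATIONS = 100_000  # figure quoted in the comment; raise it as hardware gets faster


def hash_password(password: str, iterations: int = TARGET_ITERATIONS) -> str:
    """Derive a PBKDF2 hash with a fresh random salt and embed the work factor."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(password: str, record: str, target: int = TARGET_ITERATIONS):
    """Return (ok, new_record).

    new_record is a re-hashed record at `target` iterations when the password
    is correct and the stored count is below target; otherwise it is None.
    """
    scheme, iters, salt_hex, hash_hex = record.split("$")
    if scheme != SCHEME:
        raise ValueError("unknown hash scheme")
    iterations = int(iters)
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), iterations
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    if not hmac.compare_digest(dk, bytes.fromhex(hash_hex)):
        return False, None
    if iterations < target:
        # The plaintext is only available at login, so upgrade here.
        return True, hash_password(password, target)
    return True, None


if __name__ == "__main__":
    # Constructed sample: a record created under an older, lower work factor.
    old = hash_password("correct horse battery staple", iterations=10_000)
    ok, upgraded = verify_and_upgrade("correct horse battery staple", old)
    print(ok, old.split("$")[1], "->", upgraded.split("$")[1])
```

The caller writes `new_record` back to the user store when it is not None; accounts that never log in keep the old count until they do.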