We have known for at least 5 years the the implementation of SHA-1 secure hashing algorithm is vulnerable in that it lets the attacker find pairs of messages with same hash (collision) in lower computational complexity than it should provide. Because of this, SHA-1 is in the process of being retired from service.
SHA-1, although it is in the process of being phased out, still forms a component of various stanadard security applications, including Secure Sockets Layer, Transport Layer Security and S/MIME protocols.
We have also seen it the past few years the increase of clustered GP-GPU applications such as the folding at home project and coupled with the processing grunt of some of the latest GPU's from ATI and Nvidia, these mini-mainframes can seriously crunch some numbers.
A German security enthusiast, Thomas Roth, has demonstrated that by using a clustered GPU instance he has 'kind of' bruted forced cracked all the hashes from a 160-bit SHA-1 hash with a password of between 1 and 6 characters in around 49 minutes.
1 Compute done: Reference time 2950.1 seconds
2 Stepping rate: 249.2M MD4/s
3 Search rate: 3488.4M NTLM/s
As you can see, that it some impressive throughput. Best of all, this proof of concept was performed on a 'fore-hire' cluster for just $2 a session from Amazon's Elastic Compute Cloud (https://aws.amazon.com/ec2/) Even though 6 characters is a fairly simple and insecure password, and the rainbow table used in this case is simply matching the correct hash, the concept still stands, that GP-GPU cracking is a growing and a fascinating trend which only goes to show the importance of quickly retiring SHA-1.
22 GB of memory
33.5 EC2 Compute Units (2 x Intel Xeon X5570, quad-core “Nehalem” architecture)
2 x NVIDIA Tesla “Fermi” M2050 GPUs
1690 GB of instance storage
I/O Performance: Very High (10 Gigabit Ethernet)
API name: cg1.4xlarge
1 # export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
2 # export LD_LIBRARY_PATH=/usr/local/cuda/lib64:$LD_LIBRARY_PATH
3 # cd ~/NVIDIA_GPU_Computing_SDK/C/src/CUDA-Multiforcer-Release/
4 # ../../bin/linux/release/CUDA-Multiforcer -h SHA1 -f test_hashes/Hashes-SHA1-Full.txt --min=1 --max=6 -c charsets/charset-upper-lower-numeric-symbol-95.chr