As we mentioned earlier, there have been a number of high-profile security breaches in recent years, and many customer/user details have been released into the wild. Luckily, these passwords are in a hashed form (more about this on the next page), but it is possible to recover these passwords with enough time and effort.
From the previous page, you know that passwords should not be stored in plaintext but rather in a hashed form. The reason for this is so that, to get the actual password from a database of users, you usually have to brute-force the passwords. As we said before, using password 'salts' makes this considerably harder, but not impossible.
The hashing algorithms used by most systems use particular calculations that can be performed much faster on different types of hardware. A normal CPU is designed for general purpose calculations and is very good at doing lots of different things at once. However hashing requires lots of the same calculation to be done at the same time, something that they are not very effective at.
GPUs (Graphical Processing Units or Graphics Cards) on the other hand, are optimised to do many of the same calculation (filling pixels) simultaneously. Some modern cards have up to 1024 cores. While these are not very fast or versatile individually, putting them together with very fast RAM creates a system that can do many more simple calculations per second than a normal CPU. These calculations could be hashing passwords.
Amazon Web Services Eleastic Compute Cloud provides cloud servers for anyone who will pay. To get a server you simply log in with your Amazon account, create a server with the specification you want, and boot it. You can then SSH in to it and run whatever you wish to run on it. It's not shared hosting, you get full root access to it, and when you are finished you can just switch it off again.
People use this for everything from web-hosting to data processing, and it is the latter that inspired them to create new specification options at the end of 2010. Because so many data processing tasks can be done considerably faster with GPUs, Amazon installed high-end graphics cards on many of the servers that form the EC2 cloud. It is now possible to get a server with the following specification for $2.10 an hour:
Using a high-specification Amazon EC2 instance like this, it is possible to crack 3488 million Windows password hashes per second. In a few decades it will be pointless using normal password hashing algorithms. This is why it is important to use an algorithm such as bcrypt.