
> huge lookup databases

"Huge" being the key word here.

Try searching for the md5sums of arbitrary 8-character alphanumeric passwords. You won't find many results. 62^8 is a big number.



You can download rainbow tables as torrents.

8-character alphanumeric is what's being offered today; it's only going to go up as GPUs get better and HD space/bandwidth increase.


Covering the whole solution space would be an enormous (as compared to just huge) undertaking. But if you limit yourself to the types of passwords people usually use, you can prune it down quite a bit.

The currently available databases are surprisingly large, even if not in the scale of 62^8. Consider a random pick from decrypt.fr: "phytostrote972". It's far from a random string, but not exactly a trivial one either.


> Covering the whole solution space would be an enormous (as compared to just huge) undertaking

A HD 5870 can churn through MD5s at about 2.8 billion/sec - 62^8 inside 24 hours on a single unremarkable GPU.


I believe that with GPUs it's now faster to calculate possible MD5s on-the-fly than use rainbow tables.

Hence the current advice is to use "alongpassphraseasyourpassword" rather than "L33$Pa55wd"


This is where password management gets ridiculous, because you'll find a lot of registration forms limit the length of your password input to, say, 12 or 16 characters.

Why? Is it not being hashed? I have a (possibly very wrong) inkling that a longer phrase might increase the chance of collision but even so, so many places enforce a strong password but force you to keep it short.


The worst offender is NVidia. They have half-a-dozen different developer logins for different bits of their site - and they all have different rules: your CUDA one must have a symbol but the parallel Nsight one must not, etc.


I greatly doubt that it is faster to compute on the fly than to use a rainbow table.


I think the record is just under 1 billion hashes/sec on a couple of NVidia Tesla cards linked by SLI.

You need a fairly expensive SAN to pull 1 billion MD5 hashes/second just from the raw disk - never mind the DB lookup.
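An added example (not from any commenter) that puts numbers on two points raised in the thread: how long the 62^8 alphanumeric keyspace takes to exhaust at the 2.8 billion MD5/s figure quoted above, and why a hash-based password store has no reason to cap password length, since the digest is fixed-size regardless of input. The "random string" and "dictionary word" entropy models, the 94-character printable set and the 7776-word list size are assumptions of the example, not figures from the thread.

```python
import hashlib
import math
import string

# Character-set sizes for common password policies (assumed, not from the thread)
CHARSETS = {
    "digits": len(string.digits),                                        # 10
    "lowercase": len(string.ascii_lowercase),                            # 26
    "alphanumeric": len(string.ascii_letters + string.digits),           # 62
    "printable": len(string.digits + string.ascii_letters + string.punctuation),  # 94
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords an exhaustive search must try."""
    return charset_size ** length


def random_string_bits(charset_size: int, length: int) -> float:
    """Entropy if every character were chosen uniformly at random."""
    return length * math.log2(charset_size)


def passphrase_bits(words: int, dictionary_size: int) -> float:
    """Pessimistic model: attacker knows the passphrase is N words from a wordlist."""
    return words * math.log2(dictionary_size)


def exhaustive_search_seconds(charset_size: int, length: int, hashes_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at a given hash rate."""
    return keyspace(charset_size, length) / hashes_per_second


def digest_hex_length(password: str) -> int:
    """MD5 output is always 128 bits (32 hex chars); input length does not matter."""
    return len(hashlib.md5(password.encode("utf-8")).hexdigest())


if __name__ == "__main__":
    hours = exhaustive_search_seconds(CHARSETS["alphanumeric"], 8, 2.8e9) / 3600
    print(f"62^8 at 2.8e9 MD5/s: {hours:.1f} hours")
    print(f"'L33$Pa55wd' as random printable: {random_string_bits(94, 10):.1f} bits")
    print(f"29 lowercase chars as random string: {random_string_bits(26, 29):.1f} bits")
    print(f"5 words from a 7776-word list:     {passphrase_bits(5, 7776):.1f} bits")
    print(f"digest length, 1-char vs 1000-char input: "
          f"{digest_hex_length('x')} vs {digest_hex_length('x' * 1000)}")
```

The passphrase result is the useful caveat: treated as a random string it dwarfs the short complex password, but under a wordlist model the two are close, so a length limit on the input costs real strength while a length limit on storage is never needed.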



