[From The SANS(TM) Institute
]
Joshua Wright, a researcher at SANS released details tonight of the Oracle password hashing algorithm at the SANS Network Security conference in Los Angeles. As part of his presentation, Wright demonstrated an attack tool he wrote that makes it possible to recover the plaintext password from even very strong, well written passwords within minutes.
The article continues at
http://www.sans.org/press/oracle_pass.php