Not quite new (it was new last summer, but I somehow missed it, the underlying paper is even two years old), but still interesting: Project RainbowCrack is a project aimed at creating tools for faster cracking of hashes. Hashes can normally only be resolved through brute force - supported by algorithmic weaknesses (as recently found in MD5 and SHA1). However, there is an approach to create the more complex calculations that arise during the brute-force process (i.e. essentially algorithmic sub-steps) in advance - for example, if you only intend to crack passwords with a maximum number of characters.

Of course, this does not come for free: you trade computing time for storage space. Tables for cracking up to 14-digit Windows passwords occupy a casual 64 GiB of memory. The practical relevance of the approach and the tools may become obvious from this quote:

Some ready to work lanmanager and md5 tables are demonstrated in Rainbow Table section. One interesting stuff among them is the lm #6 table, with which we can break any windows password up to 14 characters in a few minutes.

There is also a web interface to a distributed computing cluster for Project RainbowCrack, through which you can send MD5 hashes to an MD5 cracker, which then - if it is a string with a maximum of 8 characters - spits out the plain text. And this thing is constantly building more Rainbow Tables, making cracking faster and faster.

Just as a warning for those who think that a simple MD5 hash (or ultimately almost any hash) on the password would be sufficient. Unix systems typically use salted hashes - the password is extended by a plain text and then the hash is formed together with it. This extends the password in principle, even if the extension is of course not secret - for the computing time or the table size it doesn't matter, the passwords are simply longer and thus harder to crack. But it is also only a matter of space until they are not secure.

Better are passphrases instead of passwords - just simply normally long sentences. On the one hand, you can often remember these better (many people cannot remember a phone number, but can quote lines from poems) and on the other hand, they are simply longer (and especially flexibly long), so that Rainbow Tables as an attack method are out of the question. The algorithmic weaknesses of MD5 and SHA1 remain, of course.