Six and a half million unsalted SHA-1 password hashes posted to a Russian forum on 5 June, more than half cracked within forty-eight hours. The depressingly familiar 2012 example of a problem the security community has been writing about for fifteen years.