If it does not take a full second to calculate the password hash, it is too weak.
POUL-HENNING KAMP
6.5 million unsalted SHA1 hashed LinkedIn passwords have appeared in the criminal underground. There are two words in that sentence that should cause LinkedIn no end of concern: “unsalted” and “SHA1.”