It doesn't matter even WPA passwords are no different than SHA-256 passwords, the only difference there is the amount of time it takes to see if your guess was correct, when you have to make billions of trillions of guesses it doesn't matter if you can guess and confirm as correct/incorrect hundreds of billions of passwords a second. The article he linked to said they cracked passwords up to six characters in 45 minutes, I don't know where the fuck he is getting 13 character passwords can be cracked from. a purely randomly generated 13 character ascii password is as secure as a 91 bit encryption algorithm that can only be broken by brute force.