kony writes:

> Nope.

Yup.

> Ever heard of L0phtCrack? It'll do NT4 and sometimes NT5
> (if NTLM hash use is retained for backwards compatibility).

It's guessing, just like all other "cracking" software.

> Even if we ignore this, what you call "guessing" at it, is
> in fact cracking it, particularly when done in an automated
> fashion. If you don't like the word "cracking" for this
> use, that's a bit beside the fact that the entire industry
> has settled on it- so find another word you like better and
> then convince the entire industry to switch to using that
> word instead of "cracking", else "cracking" is the proper
> term.

Cracking implies a successful algorithm for finding a plaintext
password that hashes to a specific digest. That doesn't exist for NT
login passwords.

> Nor does it mean they don't occur, but in this case, people
> have in fact cracked passwords, there is no denying it.

Sure, by guessing poorly-chosen passwords. The worse the password,
the easier it is to guess.

--
Transpose mxsmanic and gmail to reach me by e-mail.