Many of the OmniNerds here remember subverting every password the USMA Goldcoats ever put on the network a decade ago in the era of weak LanMan hashes. Overtime, I’m assuming they finally got smart and started using at least NTLMv2 hashes or did whenever Microsoft stopped supported LanMan by default. Anyway, I digress. Just as tools used to target the easily broken LanMan hashes, the NTLM hashes are falling quickly thanks to cracking tools employing the power of GPUs. Standard video card GPUs can now break 7 character, mixed-case, random-character passwords in as little as 7 hours and increasing to 9 characters extends the break time to still manageable 48 days. It gets even faster if you’re willing to spend a few bucks and feed a GPU cluster in the cloud.