Handling password hashes - A comprehensive look at password hashes

Many of today's computer passwords are stored and transmitted in a cryptographically hashed form. A strong password hash algorithm ensures that if the password hash is obtained by unauthorized parties, it is non-trivial to convert the hash back to the original plain text password (assuming the password is not trivial to guess in the first place).

Microsoft Windows has two types of password hashes: LM (LAN Manager) and the newer NT (or NTLM) hashes. When you type in a Windows logon password for the first time, the password is stored twice by default in the authentication database (the local Security Accounts Manager file or the Active Directory database), once for each type of hash.

In Windows, LM hashes are weak and much easier to crack than NT hashes. Other platforms have the same sort of problem: earlier, weaker password hashes are now superseded by stronger hashes. Linux, Unix, and BSD use various password hash algorithms, including weak crypt, stronger MD5-style hashing, and the strongest, known as bcrypt.
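To find accounts still carrying one of the older Unix hashes, the hash field of each shadow-file entry can be classified by its crypt(3) format. The following is an added example, not code from the original article; the function names and the sample entries are assumptions made for illustration, and only the three schemes named above are recognized, so any other format is reported as "unrecognized" for manual review.

```python
import re

# crypt(3) hash formats, ranked in the order the article ranks them.
SCHEMES = [
    ("bcrypt",    2, re.compile(r"\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}")),
    ("md5-crypt", 1, re.compile(r"\$1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}")),
    ("des-crypt", 0, re.compile(r"[./A-Za-z0-9]{13}")),
]

def classify(field):
    """Return (scheme, rank) for the hash field of one shadow entry."""
    if field == "":
        return ("empty", None)           # empty field: no password required
    value = field.lstrip("!")            # a leading '!' marks a locked account
    if value in ("", "*"):
        return ("no-hash", None)         # account cannot log in by password
    for name, rank, pattern in SCHEMES:
        if pattern.fullmatch(value):
            return (name, rank)
    return ("unrecognized", None)

def audit(shadow_text, minimum_rank=2):
    """List (user, scheme) for entries that need attention."""
    findings = []
    for line in filter(str.strip, shadow_text.splitlines()):
        user, _, rest = line.partition(":")
        scheme, rank = classify(rest.split(":", 1)[0])
        below = rank is not None and rank < minimum_rank
        if below or scheme in ("empty", "unrecognized"):
            findings.append((user, scheme))
    return findings

# Constructed sample entries: correctly shaped placeholder strings, not real hashes.
B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
SAMPLE_SHADOW = "\n".join([
    "alice:$2b$12$" + B64[:53] + ":19000:0:99999:7:::",
    "bob:$1$saltsalt$" + B64[:22] + ":19000:0:99999:7:::",
    "carol:" + B64[:13] + ":19000:0:99999:7:::",
    "dave:!$1$saltsalt$" + B64[:22] + ":19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
])

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme}")
```

Accounts listed by `audit` keep the older hash until the password is next changed under a stronger scheme, so a finding usually means a forced password reset rather than a configuration change alone.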

