SecurityFocus has a great article on Windows password security. Among other things, it addresses the real implications of the weaknesses of LanMan and NTLMv2, and a way you can use that to your advantage: if a password is fifteen characters or longer, Windows does not even store the LanMan hash ...