freedomben 5 hours ago

It also empowers IT depts and cybersecurity people to be able to easily build a PoC to show why moving on from the deprecated protocol is important. In many white-hat jobs you can't just grab rainbow tables from a torrent, so a resource like this is helpful. For the grays and black hats, they've had access to rainbow tables like this for a very long time, so no change there.

stackskipton 2 hours ago | parent | next [-]

Any business that needs convincing to move on from anything labeled NTLM does not care what "nerds" have to say. They are either one of those "I'm not spending money on something that works" shops or stuck with such legacy technical debt that at this point, removing it from the environment is too costly to even consider, so executives kick it down the road.

Xirdus 4 hours ago | parent | prev [-]

Out of curiosity, why can't white hats grab rainbow tables from torrents? Is it about seeding?

sethhochberg 4 hours ago | parent [-]

It's less about torrents being the delivery mechanism and more about bringing data from a potentially unknown source, under potentially unknown licensing, and distributed for a potentially unknown reason into the corporate computing environment.

Torrents would be a perfectly valid way for Google to distribute this dataset, but the key difference would be that Google is providing it for this purpose and presumably didn't do anything underhanded to collect or generate it, and tells you explicitly how you're allowed to use it via the license.

That sort of legal and compliance homework is good practice for any business to some extent (don't use random p2p discoveries for sensitive business purposes), but is probably critical to remain employed in the sorts of giant enterprises where an internal security engineer needs to build a compelling case for spending money to upgrade an outdated protocol.