January 16, 2026
Rainbow tables, red flags
Releasing rainbow tables to accelerate protocol deprecation
Mandiant drops a “password lockpick” to shame old Windows logins, and the comments are on fire
TLDR: Mandiant released data that makes an old Windows login easy to crack, hoping to force stubborn systems to upgrade. Commenters split between applauding a wake‑up call and accusing them of arming amateurs, with jokes about “half a motherboard” and warnings that creaky government servers could get hit first.
Mandiant just lobbed a glitter-bomb into security Twitter: a giant set of “rainbow tables” that make cracking an ancient Windows login method (Net-NTLMv1) fast and cheap, to finally force companies to ditch it. They say it’s been insecure since dial-up days, and now anyone with a modest PC can prove it. Cue the comment section meltdown. One camp is cheering — “pretty cool,” says one — because this puts undeniable pressure on IT holdouts. The other camp is yelling “why hand out lockpicks?” with a top-voted zinger comparing the release to leaving drills and bump keys on your front porch for clout.
The jokes flew. People latched onto the claim you can break it in “under 12 hours” with a sub-$600 setup; one quipped, “so someone with half a motherboard can break this hash.” Others served up corporate karma: if Google-backed folks can deprecate your old tech, what happens when it’s a Google protocol next? Meanwhile, the pragmatic voices argued this doesn’t supercharge criminals — the bad guys already had playbooks — but it might finally shame laggards, especially creaky government systems, into upgrades.
Under the drama: this is about making a fossilized login standard impossible to ignore. Mandiant’s pitch is simple: show, don’t tell. By making the risk tangible, defenders can demo the danger without pricey gear or sketchy services. Whether you see that as public service or stunt, the message is loud, clear, and a little terrifying. More via Mandiant
Key Points
- •Mandiant released Net-NTLMv1 rainbow tables to accelerate deprecation of the insecure protocol.
- •The dataset enables recovering keys in under 12 hours using consumer hardware costing less than $600 USD.
- •Net-NTLMv1 insecurity has been documented since at least 1999, with community warnings by 2012 and expanded tooling by 2016.
- •Attackers can apply a known plaintext attack to recover AD password hashes, often leading to DC compromise and DCSync privileges.
- •The dataset is available via Google Cloud (gsutil and Research Dataset portal), with SHA512 verification and support for multiple rainbow table tools.