Replies

I don't think it is ... if you can get the hashed version of the password you can then crack it as they don't use any "salt" in the hash. So "xyzzy" will always hash to "wqrtw" whereas in the unix world you'll throw some other characters in the password before hashing it. That salt is included as plaintext in the hash.
That means that you only have to hash all the possible combinations of 8 letter words to get their full dictionary of possibilities. If they had salt in there (say numbers 0->255) you would have to have a list that's 255 times bigger. I'm not sure what the salt number range is in unix.
Its my understanding that if you sniff the wire when login into a domain you might be able to get this hashed password.