NT LM 0.12 Challenge/Response

Because it uses MD4 to generate the keying material from the password, and because it preserves the password's case, the key space of this protocol is essentially the full 56 bits that single DES allows; this is probably an acceptable length for most purposes (although future dialects may use triple-DES for more assurance). However, it is still subject to the same chosen plaintext and dictionary attacks as LANMAN 2.1 challenge/response if passwords are badly chosen. The only cure is to make sure that passwords are well-chosen, and long enough to have at least 56 bits of randomness.

Other considerations: