Yes, MS fixed the hashing problem in Windows 2000, however it was designed to work with NT machines so backward compatibility is turned on by default. So your really difficult password is encrypted for Windows 2000 just fine and dandy, and then a copy is stored with the old NT hashing scheme and converted to all uppercase. We all agree that it is EASY to break with a few tools or some extensive know-how.
This entire situation is left over from Lan Manager, a pre-NT OS that added network features to Microsoft and was then incorporated into NT. Lan Manager is still around and you can turn it off but be warned! Some stuff will stop working, and you have to take extra steps to make sure hashing is still not being copied, because that process still happens on certain OS machines. I don't even have it turned off, yet... it's time consuming and complicated. I keep hoping MS will release some magical tool to do it for me.
It is possible to completely disable Lan Manager and LMhash and use a newer, more secure version of it. Here are some articles on the subject. Have fun, I am too scared to do this since I have many, many NT stations. Has anyone been successful at it??
"How to Disable LM Authentication on Windows NT [Q147706]"
"LMCompatibilityLevel and Its Effects [Q175641]"
"How to Enable NTLMv2 Authentication for Windows 95/98/2000/NT [Q239869]."
TechNet also has some articles: www.technet.com
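Added example, not part of the original post: a Python script that audits collected `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa` output from many machines for the two settings the listed articles deal with, LM/NTLM response level and LM hash storage. The host names and sample output are constructed, and it assumes `NoLMHash` is exposed as a DWORD value (Windows 2000 uses a `NoLMHash` subkey instead, which this does not check).

```python
import re

# What a client sends at the two levels that still emit LM responses.
WEAK_LEVELS = {
    0: "sends LM and NTLM responses",
    1: "sends LM and NTLM, NTLMv2 session security only if negotiated",
}

# One value line of `reg query` output: name, type, hex data.
VALUE_RE = re.compile(
    r"^[ \t]+(\w+)[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)[ \t]*$", re.M)

def parse_lsa(reg_output):
    """Return {value_name_lower: int} for every REG_DWORD line."""
    return {n.lower(): int(raw, 16) for n, raw in VALUE_RE.findall(reg_output)}

def audit(reg_output):
    """List findings for one host; an empty list means no LM exposure found."""
    values = parse_lsa(reg_output)
    findings = []
    level = values.get("lmcompatibilitylevel")
    if level is None:
        findings.append("LmCompatibilityLevel not set: OS default applies")
    elif level in WEAK_LEVELS:
        findings.append(f"LmCompatibilityLevel={level}: {WEAK_LEVELS[level]}")
    if values.get("nolmhash", 0) != 1:
        findings.append("NoLMHash not enabled: LM hashes are still stored")
    return findings

# Constructed sample output for two hypothetical hosts.
SAMPLES = {
    "host-a": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x0
""",
    "host-b": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x3
    NoLMHash    REG_DWORD    0x1
""",
}

if __name__ == "__main__":
    for host, output in SAMPLES.items():
        for finding in audit(output) or ["no LM exposure found"]:
            print(f"{host}: {finding}")
```

Enabling `NoLMHash` only stops new LM hashes from being written; existing ones remain until each account's password is changed.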