Terrible crypto design is a recurring feature of Microsoft products too, e.g. the original LANMAN password hash has a maximum password length of 14 characters and just treats all passwords as two separate 7 byte values to verify.
If we use MD5(password) then brute force of a 14 character random password (say using a 64 symbol character set) isn't really viable because you need to try about 2^84 values. MD5 isn't an acceptable password hash, but using a strong random password was enough to save us.
But if we use LMhash(password) that same password can be brute forced in just 2^43 operations. This design is so bad that there's no way for the user to protect themselves.
This popularized Rainbow Tables. You may use a time-space tradeoff for any hashing scheme that doesn't have salt, or doesn't have enough salt compared to how much it's used, but for most schemes a strong random password overwhelms the power of the time-space tradeoff anyway. Rainbow Tables tilt this tradeoff so that it's more favourable in exchange for a modest reduction in effectiveness†and for LANMAN they're enough to turn it from "If you had a super computer and hundreds of gigabytes of disk space you could crack any Windows password hash near instantly" to "If you have a mid-range PC with 5GB of hard disk space and download this software you can crack 99.9% of Windows password hashes in a few minutes".
†For a lot of pre-computation effort you can get all the effectiveness back. But that's not important here.
That was a fun one. There were lots of lessons from that that I used in my security awareness training. The bottom line was that all this stuff was in an essentially-unencrypted backup file.
There were other lessons too, but that was the main one.
If we use MD5(password) then brute force of a 14 character random password (say using a 64 symbol character set) isn't really viable because you need to try about 2^84 values. MD5 isn't an acceptable password hash, but using a strong random password was enough to save us.
But if we use LMhash(password) that same password can be brute forced in just 2^43 operations. This design is so bad that there's no way for the user to protect themselves.
This popularized Rainbow Tables. You may use a time-space tradeoff for any hashing scheme that doesn't have salt, or doesn't have enough salt compared to how much it's used, but for most schemes a strong random password overwhelms the power of the time-space tradeoff anyway. Rainbow Tables tilt this tradeoff so that it's more favourable in exchange for a modest reduction in effectiveness†and for LANMAN they're enough to turn it from "If you had a super computer and hundreds of gigabytes of disk space you could crack any Windows password hash near instantly" to "If you have a mid-range PC with 5GB of hard disk space and download this software you can crack 99.9% of Windows password hashes in a few minutes".
†For a lot of pre-computation effort you can get all the effectiveness back. But that's not important here.