Cryptographic Arrogance

ziggy on 2003-07-24T00:16:50

A few Swiss researchers discovered that it's not too difficult to stage a brute force attack on encrypted Windows passwords.

Why? Well, Microsoft has used a one-way hash function to encrypt passwords since they were introduced in Win3.1. But they never added salt to their hash algorithm, so with a big enough lookup table (say, 1.4GB, something that easily fits into an off-the-shelf PC these days), you can identify someone's password by looking at the encrypted version. Win2K and later upgraded the hashing algorithm to make it stronger, but it still doesn't use salt!

Cryptography is a broad and dense field, but the basics are easy to understand. Adding randomness (i.e. salt in a one-way password hashing function) is one of the earliest and easiest lessons to learn.

The description of the early Win3.1 password hash (uppercase everything, hash 7-byte chunks) smacks of being too clever by half[1], and being too unsophisticated, even by early 1990s standards. There just isn't any excuse for doing that in the first place, doubly so because it's still in use. Using salted passwords was the norm in the 1980s, back before Win3.1 was even conceived.
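To make the weakness concrete, here is an added example (not code from this post or from Microsoft) of an unsalted scheme shaped like the one described, next to a salted one. SHA-256 stands in for the real per-chunk function, the null padding to 14 bytes is a detail the post does not state, and the account names and passwords are constructed.

```python
import hashlib
import hmac
import os

def _chunks(password):
    # Uppercase, truncate/pad to 14 bytes, split into two 7-byte halves (ASCII input only).
    data = password.upper().encode("ascii")[:14].ljust(14, b"\0")
    return data[:7], data[7:]

def chunk_hashes(password):
    """Unsalted scheme: each half is hashed on its own, with nothing per-user mixed in."""
    # SHA-256 is a stand-in for the real per-chunk function (assumption).
    return tuple(hashlib.sha256(c).hexdigest() for c in _chunks(password))

def build_table(candidates):
    """Precompute chunk-hash -> chunk once; valid against every account on every machine."""
    return {hashlib.sha256(c).hexdigest(): c for w in candidates for c in _chunks(w)}

def table_hits(stored, table):
    """Users whose stored chunk hashes all appear in the precomputed table."""
    return sorted(u for u, hs in stored.items() if all(h in table for h in hs))

def salted_hash(password, salt=None):
    """Salted alternative: fresh random salt per account, stored beside the digest."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)

# Constructed sample accounts (not real data).
ACCOUNTS = {"alice": "Summer2003", "bob": "summer2003", "carol": "Tr0ub4dor"}
UNSALTED = {u: chunk_hashes(p) for u, p in ACCOUNTS.items()}
TABLE = build_table(["summer2003", "winter2003"])

if __name__ == "__main__":
    print("table hits:", table_hits(UNSALTED, TABLE))
    print("alice == bob:", UNSALTED["alice"] == UNSALTED["bob"])
    s1, d1 = salted_hash("Summer2003")
    s2, d2 = salted_hash("Summer2003")
    print("same password, salted digests equal:", d1 == d2)
    print("verify:", verify("Summer2003", s1, d1))
```

With the unsalted scheme, one table built in advance matches both alice and bob, because case folding and the absence of salt make their stored values identical. With a per-account salt, the same password produces a different record each time, so any precomputation would have to be redone for every account.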

 

[1] At one point, the interminably long "product activation keys" used by all Microsoft products were outed: they were about 20 alphanumeric characters, but the only ones that mattered were the 5 numeric characters at the end, which needed to equal 0 mod 7. So 0000-000000-000000-00000 was a perfectly valid activation key in the late 1990s. :-)