If hashcat can crack them, so can an attacker. Penetration testers on engagement will frequently find themselves cracking stolen password hashes to move laterally inside a network, or to escalate ...

The MD5 password hash algorithm is "no longer considered safe" by the original software developer, a day after the leak of more than 6.4 million hashed LinkedIn passwords.

How can one understand 348 billion hashes per second? The testing was used on a collection of password hashes using LM and NTLM protocols.