diff -rubN john-1.7.2-all-6/src/NETLM_fmt.c john-1.7.2-all-6-netlm/src/NETLM_fmt.c
--- john-1.7.2-all-6/src/NETLM_fmt.c	2007-06-07 12:20:17.000000000 -0500
+++ john-1.7.2-all-6-netlm/src/NETLM_fmt.c	2007-06-08 10:40:39.000000000 -0500
@@ -4,6 +4,30 @@
  * Written by JoMo-Kun <jmk@foofus.net> in 2007
  * and placed in the public domain.
  *
+ * This algorithm is designed for performing brute-force cracking of the LM 
+ * challenge/response pairs exchanged during network-based authentication 
+ * attempts [1]. The captured challenge/response pairs from these attempts 
+ * should be stored using the L0phtCrack 2.0 LC format, specifically: 
+ * username:unused:unused:lm response:ntlm response:challenge. For example:
+ *
+ * CORP\Administrator:::25B2B477CE101D83648BB087CE7A1C217F51C7FC64C0EBB1::
+ * C8BD0C1630A9ECF7A95F494A8F0B2CB4A3F25B1225514304:1122334455667788
+ *
+ * It should be noted that a LM authentication response is not same as a LM 
+ * password hash, which can be extracted using tools such as FgDump [2]. LM 
+ * responses can be gathered via normal network capture or via tools which 
+ * perform layer 2 attacks, such as Ettercap [3] and Cain [4]. The responses can
+ * also be harvested using a modified Samba service [5] in conjunction with 
+ * some trickery to convince the user to connect to it. I leave what that 
+ * trickery may actually be as an exercise for the reader (HINT: Karma, NMB 
+ * broadcasts, IE, Outlook, social engineering, ...).
+ * 
+ * [1] http://davenport.sourceforge.net/ntlm.html#theLmResponse
+ * [2] http://www.foofus.net/fizzgig/fgdump/
+ * [3] http://ettercap.sourceforge.net/
+ * [4] http://www.oxid.it/cain.html
+ * [5] http://www.foofus.net/jmk/smbchallenge.html
+ *
  */
 
 #include <stdio.h>
diff -rubN john-1.7.2-all-6/src/NETNTLM_fmt.c john-1.7.2-all-6-netlm/src/NETNTLM_fmt.c
--- john-1.7.2-all-6/src/NETNTLM_fmt.c	2007-06-07 12:20:17.000000000 -0500
+++ john-1.7.2-all-6-netlm/src/NETNTLM_fmt.c	2007-06-08 10:40:39.000000000 -0500
@@ -4,6 +4,30 @@
  * Written by JoMo-Kun <jmk@foofus.net> in 2007
  * and placed in the public domain.
  *
+ * This algorithm is designed for performing brute-force cracking of the NTLM 
+ * (version 1) challenge/response pairs exchanged during network-based 
+ * authentication attempts [1]. The captured challenge/response pairs from these
+ * attempts should be stored using the L0phtCrack 2.0 LC format, specifically: 
+ * username:unused:unused:lm response:ntlm response:challenge. For example:
+ *
+ * CORP\Administrator:::25B2B477CE101D83648BB087CE7A1C217F51C7FC64C0EBB1::
+ * C8BD0C1630A9ECF7A95F494A8F0B2CB4A3F25B1225514304:1122334455667788
+ *
+ * It should be noted that a NTLM authentication response is not same as a NTLM 
+ * password hash, which can be extracted using tools such as FgDump [2]. NTLM 
+ * responses can be gathered via normal network capture or via tools which 
+ * perform layer 2 attacks, such as Ettercap [3] and Cain [4]. The responses can
+ * also be harvested using a modified Samba service [5] in conjunction with 
+ * some trickery to convince the user to connect to it. I leave what that 
+ * trickery may actually be as an exercise for the reader (HINT: Karma, NMB 
+ * broadcasts, IE, Outlook, social engineering, ...).
+ * 
+ * [1] http://davenport.sourceforge.net/ntlm.html#theNtLmResponse
+ * [2] http://www.foofus.net/fizzgig/fgdump/
+ * [3] http://ettercap.sourceforge.net/
+ * [4] http://www.oxid.it/cain.html
+ * [5] http://www.foofus.net/jmk/smbchallenge.html
+ *
  */
 
 #include <stdio.h>