TLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms ([RFC1321]) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in [RFC1320] and [FIPS46-2]. Therefore, applications are generally advised not to use NTLM.
threaded - newest
Posted by Microsoft way back in 2010 (date pulled from Wikipedia):
If your org still uses NTLM, that’s on you.