
NLA MITM if the password is known

Status: Open. obilodeau opened this issue 4 years ago • 0 comments

If we manage to crack the hash, we know we could MITM NLA because we could then create a new challenge-response on the server side. If I recall correctly, the only thing preventing us from doing that was that part of the challenge-response mixed the plaintext password (which we don't know) with the server's public key/private key/fingerprint (not sure which), and that the server would reject anything tampered with. We couldn't do the double Diffie-Hellman trick because of the mixing of both these layers. If we have the password, we can truly do an NLA handshake in the middle. This would open up a new attack use case. Note that I'm half intentionally vague here.

Ref: #358

obilodeau, Nov 26 '21 18:11