On 13 Jun 2007, at 17:09, Oliver Block wrote: > > No, the software has to encrypt the user password and compares it > against the > encrypted in the database. I think you've got a serious misunderstanding of how modern authentication protocols work. Simon.