> So basically MD5 is useless if you can't decrypt the value! That sucks.
I don't know about useless. Hashing is not the same as encryption. They're intended to solve different problems. Let's say you're using a Windows network, with Active Directory. Active Directory doesn't actually know your password, because it doesn't need to know. All it needs to know is, did you enter the correct password when you hit Ctrl+Alt+Delete this morning - and it doesn't need to know what the password is in that case. Your workstation takes your plaintext password, generates a hash, and sends it to AD. AD compares the hash to the one it stored when you set your password in the first place. If they match, there's an extremely high likelihood that the plaintext passwords match as well. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360240 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm