It's kind of difficult to use a brute force attack when RACF revokes the ID after a site specified number of attempts. Assuming the site doesn't allow 1 or 2 character passwords (you don't do you), even if the site were to allow 100 attempts, it's statistically a REALLY long shot to guess the password. I would imagine that most sites have 3 or 4 as the number of attempts, making the probability for success of a brute force attack too remote to consider as they wouldn't even get out of the single character attempts.
Brian ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html