Hi.

Am I right:

We calculate the salted hash d of the password p and the salt s using the
hash-function H like this:

d = H( p + s ) + s

This will have the effect that d != H( p + s' ) + s' (only if s != s') but
will not protect us against a dictionary attack 
since we can easily precompute H( w_i ) where w_i is the ith word of our
dictionary and then just have to validate d == H( H( w_i ) + s ) !?!

Thanks.
--sk


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
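
An added example, not part of the original post, of the scheme d = H( p + s ) + s discussed above. It assumes H is SHA-256, "+" is byte concatenation and the salt is 16 bytes; all function names and sample values are constructed. It shows that the salt changes d for the same password, that a table of precomputed unsalted H( w_i ) never matches d, and that a word can still be checked by hashing it with the salt stored in d.

```python
import hashlib
import hmac

# Assumption: H is SHA-256, so the digest half of d is 32 bytes long.
DIGEST_LEN = hashlib.sha256().digest_size


def make_record(password: bytes, salt: bytes) -> bytes:
    """d = H(p + s) + s, with '+' as byte concatenation."""
    return hashlib.sha256(password + salt).digest() + salt


def verify(password: bytes, record: bytes) -> bool:
    """Split the salt off the stored record and recompute H(p + s)."""
    digest, salt = record[:DIGEST_LEN], record[DIGEST_LEN:]
    candidate = hashlib.sha256(password + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def in_unsalted_table(record: bytes, table: set) -> bool:
    """Does the digest half of d appear among precomputed H(w_i)?"""
    return record[:DIGEST_LEN] in table


def salted_matches(record: bytes, words: list) -> list:
    """Words that match d when hashed with this record's own salt."""
    return [w for w in words if verify(w, record)]


# Constructed sample data: a small word list and two fixed salts.
WORDS = [b"letmein", b"password", b"dragon"]
SALT_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
REC_A = make_record(b"password", SALT_A)
REC_B = make_record(b"password", SALT_B)
UNSALTED = {hashlib.sha256(w).digest() for w in WORDS}

if __name__ == "__main__":
    print("same password, different salt, same d?", REC_A == REC_B)
    print("d found in precomputed H(w_i) table?",
          in_unsalted_table(REC_A, UNSALTED))
    print("words matching with the stored salt:",
          salted_matches(REC_A, WORDS))
```

The work the salt forces is one hash per word per stored salt, instead of one table lookup shared across all records.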
