I was thinking of this last night. It seems like a way you can beat any password-based security measure. Please tell me if I'm wrong.

s2c: Encryption data (nonce, public key, whatever).
c2s: Hash containing the password.

I have a packet sniffer on a router in between them. I don't try to break the hash. Instead, I run whatever algo the client was using to generate the hash using every possible password until our hashes match. Short of using an algo that takes several minutes to generate a single hash, I can run through all reasonable passwords pretty quickly. If I assume the passwords are alphanumeric then I can do it even faster.

So it seems like a packet sniffer can beat any security measure. Am I wrong?
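An added example, not part of the original post: it puts numbers on the per-guess cost the post reasons about, comparing a single fast hash over nonce and password with a stretched variant, across alphanumeric keyspaces. SHA-256, PBKDF2 with 600,000 iterations, the salt, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ALNUM = 62  # a-z, A-Z, 0-9: the alphabet the post assumes

def fast_response(nonce: bytes, password: str) -> bytes:
    """The post's exchange: client returns one hash over nonce + password."""
    return hashlib.sha256(nonce + password.encode()).digest()

def stretched_response(nonce: bytes, password: str, salt: bytes, iterations: int) -> bytes:
    """Assumed alternative: stretch the password first, then MAC the nonce."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.new(key, nonce, hashlib.sha256).digest()

def keyspace(max_len: int, alphabet: int = ALNUM) -> int:
    """Number of candidate passwords of length 1..max_len."""
    return sum(alphabet ** n for n in range(1, max_len + 1))

def seconds_per_guess(respond, trials: int) -> float:
    """Measured cost of computing one response on this machine."""
    start = time.perf_counter()
    for i in range(trials):
        respond(f"candidate{i}")
    return (time.perf_counter() - start) / trials

def exhaust_years(max_len: int, per_guess: float) -> float:
    """Single-core time to compute a response for every candidate."""
    return keyspace(max_len) * per_guess / (365 * 24 * 3600)

if __name__ == "__main__":
    nonce, salt = os.urandom(16), os.urandom(16)  # constructed sample values
    fast = seconds_per_guess(lambda p: fast_response(nonce, p), 20000)
    slow = seconds_per_guess(lambda p: stretched_response(nonce, p, salt, 600_000), 3)
    print(f"per guess: fast {fast:.2e}s, stretched {slow:.2e}s")
    for n in (6, 8, 10):
        print(f"len<={n}: {keyspace(n):.2e} candidates, "
              f"fast {exhaust_years(n, fast):.2e} y, stretched {exhaust_years(n, slow):.2e} y")
```

The figures are single-core estimates for the machine the script runs on; stretching multiplies the cost of every guess by the iteration count but does not change the size of the keyspace.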