>> I *heard* that there was one bug in the MD5 code printed in the RFC, >> but I've never tried it myself. > Someone want to check this? I dunno...but I wrote an implementation de novo, strictly to the text spec, and when I tested it with the half-dozen sample strings in the RFC it checked out fine. (I did this because I was not willing to tolerate the copyright on the code in the RFC.) Not that that necessarily proves anything, of course. I didn't compile the code from the RFC and test it to see whether it produced those same test hashes...though I would assume the code they print is the code they used to generate that test. (Actually, there is one minor bug: the compile-time defaulting of which of the MD2/MD3/MD4/MD5 variants is used, in the driver program, is buggy. As I recall, it's something like doing "#define MD MD5" (instead of the correct "#define MD 5") when MD is not defined.) der Mouse mouse@collatz.mcrcim.mcgill.edu