> What about md5? Too fast, it still allows dictionary attacks rather easily (yes I know that users should choose good passwords, but some won't). md5^500 (500 rounds of md5), or however many takes about 0.5 seconds on a fast computer (say a DEC Alpha 3000 model 900), should be enough. -- Jon