der linken... My understanding is that the algorithms used are mathematically guaranteed such that knowning the salt, knowing previous results, none of these things allow someone to predict future results. I also thought the algorithm was based on open, mathemtically proofed algoriothms. Vulnerability in the RSA implementation, or some out-of-band attack on the authentication service? IACSecurity, to paraphrase Kenny Rogers, there'll be time enough for the disclosin', when the mitigatin's done. I'm guessing you've got a busy day or two ahead you. .