The function that maps a password to an encryption key is called [[StringToKey]]. The AFS standard one uses the realm name as a salt. The MIT standard is different from this and there were changes between v4 and v5 as well, I think. -- Ted Anderson - 23 Jan 2002 The MIT v5 [[StringToKey]] uses the same underlying algorithm as the v4 [[StringToKey]], but adds a salt based on the principal name. -- Derrick Brashear - 24 Jan 2002