On Tue, 2007-12-18 at 01:38 -0500, Mark Doliner wrote: > That's certainly possible. It's not really something users should have to > deal with, though. I'd rather just try md5 and if that fails then fall back > to XOR. I don't think silently drop to a known to be insecure authentication mechanism is a good idea. -khc