On 11/12/2011 06:43 PM, Andreas Rudat wrote: > But if that works, why then all are saying that you can just work with > plaintext? Its realy confusing. If you have the plaintext, you can generate any hash, and of course perform any auth mechanism.