Erik, On 6/4/05, Erik Heerlein <erik at erikheerlein.com> wrote: > Is the MD5hash worth using? Is it error prone or is authorize.net's > implementation of it that is error prone? Can you describe exactly what is being hashed by md5? MD5 isn't error prone, AFAIK. What is "error prone" is how some people use it, as if it were an encryption method. People, for instance, use md5 to 'encrypt' passwords that they then store in cookies. This really is no more safe than storing the plain text password in the cookie, as md5'ing it will only keep an honest man honest. One thing (although I could not confirm this with google): I believe the algorithm is not one-to-one. In other words, a given string will hash the same way every time, but a given hash could be the result of md5'ing more than one string. i.e., a collision. However, neither of these explains why authorize.net would send you an md5 hash that was incorrect. I suspect you were talking to a tech support dude(tte) who didn't quite know what he/she was talking about. -- Matt Warden Miami University Oxford, OH, USA http://mattwarden.com This email proudly and graciously contributes to entropy.