There are more issues with this JS md5-ing then just sniffing. * Browsers (or even better: operating systems, like KDE) store passwords. Javascript breaks this often. Leading to * insecure situations, because I have to write down the passwords. * People recieve paswords by mail. They sit in the (hotmail)inbox for ever. * People use way to simple passwords and re-use that everywhere. * People are lazy and naive by nature, when it comes to security. Give * them tough passwords, with rotation, and theyll stick post-its on * theyr screens. No, really, this could indeed live in a contrib! But for me it is senseless. Its like putting an expensive lock on your door that needs three keys (instead of the much quicker to use one) while all your windows are broken and the backdoor has no lock at all. Id say that false sense of security is worse then no security, since in the latter case, people are a little more carefull. So, make this a contrib, but mark it as "might help a little, but dos not make your site secure". Ber