Hey tushar bro, i really dont know where you have studied computers, but doing attacks on Encrypted or hashed strings is an insane, time comsuming activity.Take SHA1 for example you have to generate atleast 2^80 strings of a given character set to find two that match. Ofcourse i know the next thing is you are going to start quoting the birthday paradox, trying to convince people that the number of strings that need to be generated is more manageable, but in reality it still doesnt work that way. Finding the initial vector for the hashing algorithms is not easy. MD5 for example was 4, 32 bit vectors (if my memory serves me correct). 32 Bits - 4 characters, how many 4 character combinations are you going to come up with. Not to mention that you will still need an exact copy of the plain text to compare.Next you dont know how the client & the server are synchronizing themselves. It could be they are passing strings that the client uses as the IV or they are just using timestamps. Who knows??I am not contesting your argument that the scheme is probably hashing, i suggested that myself early on. What i am trying to say is, encryption or hashing, both ways this is not going to be easy to crack.------------Hey StOLE, what with the 'L' Thing??? No offence bro, Stay out of this conversation if you dont have anything to contribute.