note gwadej <p>I'm pretty sure you are aware of this, but to avoid confusion from people reading this later...</p> <blockquote><i>You'd have to learn the "secret" string and then reverse a hash function and that would then only get you the hashed password.</i></blockquote> <p>If we are really talking about the cookie being a cryptographic hash of something and a hashed password, the phrase <em>reverse the hash</em> describes an extremely hard problem. Reversing any cryptographic hash should be computationally infeasible.</p> <!-- Node text goes above. Div tags should contain sig only --> <div class="pmsig"><div class="pmsig-278098"> G. Wade </div></div> 784123 785340