On Sat, Mar 30, 2013 at 05:13:23PM +0200, Timo Juhani Lindfors wrote: > + hmac_sha256_hex($name, $alias + "obfuscate"), "\n"; Are you sure HMAC is immune against extension attacks on the "key"? You may want to append it to the name instead. Bastian -- It would be illogical to kill without reason. -- Spock, "Journey to Babel", stardate 3842.4