On Wed, Nov 15, 2006 at 01:05:51PM +0100, Narcis wrote:
> can anyone enlighten me? it looks like the address (ip?) and port of
> the client (server?) are used in the decryption of the rsa key.

Yes. The first few bytes of the message are replaced with the unencoded
32-bit IPv4 address of the server, and the port number, both of which
were obtained using getpeername. This may be a misguided attempt to
increase the difficulty of man-in-the-middle attack on the scheme,
written in the days when it wasn't trivial to do network address
translation.

--
James Cameron    mailto:quozl at us.netrek.org     http://quozl.netrek.org/
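
The address binding described in the reply above, as an added example that is not part of the original message and is not taken from the Netrek source. It shows why a relay or a NAT in the path makes the bound bytes differ from the server's own address. The 4-byte address plus 2-byte port layout, the server-side comparison, the helper names, and the addresses and port are all constructed assumptions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

#define BIND_LEN 6  /* assumed layout: 4-byte IPv4 address + 2-byte port */

/* Client side: overwrite the message start with the server address and port as seen via getpeername(). */
static int bind_peer(unsigned char *msg, size_t len, const struct sockaddr_in *peer)
{
    if (len < BIND_LEN || peer->sin_family != AF_INET)
        return -1;
    memcpy(msg, &peer->sin_addr.s_addr, 4);   /* already in network byte order */
    memcpy(msg + 4, &peer->sin_port, 2);      /* already in network byte order */
    return 0;
}

/* Server side (assumed check): compare with its own address, as from getsockname(). */
static int peer_matches(const unsigned char *msg, size_t len, const struct sockaddr_in *self)
{
    unsigned char expect[BIND_LEN];
    return len >= BIND_LEN && bind_peer(expect, sizeof expect, self) == 0
        && memcmp(msg, expect, BIND_LEN) == 0;
}

/* Build a constructed sockaddr_in in place of a live socket lookup. */
static struct sockaddr_in mk_addr(const char *ip, unsigned short port)
{
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

/* Client binds to the address it dialed; server checks against local_ip. 1 = accepted. */
static int scenario(const char *dialed_ip, const char *local_ip, unsigned short port)
{
    unsigned char msg[32] = {0};              /* constructed message buffer */
    struct sockaddr_in seen = mk_addr(dialed_ip, port), self = mk_addr(local_ip, port);
    return bind_peer(msg, sizeof msg, &seen) == 0 && peer_matches(msg, sizeof msg, &self);
}

int main(void)
{
    printf("direct=%d relay=%d nat=%d\n", scenario("192.0.2.10", "192.0.2.10", 2592),
           scenario("198.51.100.7", "192.0.2.10", 2592), scenario("203.0.113.5", "10.0.0.5", 2592));
    return 0;
}
```

The third case is a legitimate client reaching the server through address translation: the public address it dialed never equals the server's private address, so the binding rejects it just as it rejects the relay.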