>>>>m5 hash with api - see here http://www.atoutfox.org/articles.asp?ACTION=FCONSULTER&ID=0000000627
>>>
>
>Again, thank you for suggesting HASH approach. I finally read a couple of on-line articles and understood - conceptually - how it works. A couple of conclusions I made is 1. I cannot use it user passwords. My users often forget their password and I have to "look it up" for them. Hash string is one-way only so I could not look it up for customers. If I have to use Hash approach for user passwords I would have to provide users with a way to reset it. Or I would have to create a new one for them every time. But something to consider. 2. For storing SQL Server password in XML file Hash will work nicely. I just have to have (in my head <g>) confidence that it works. Since if I Hash a password into an XML file and user cannot log into SQL Server I would have to confidently look into SQL Server for the solution and not trying to reset password every time.

> 1. I cannot use it user passwords. My users often forget their password and I have to "look it up" for them

If they forget - you generate a new password - which they can change later