
Greetings,

I have been working with OTRS here for a bit, and needed to modify the source some, and had an idea I thought I would pass along.

In Kernel/System/Auth/DB.pm, Kernel/System/User.pm, Kernel/System/CustomerUser/DB.pm and Modules/AdminSignature.pm the salt for the crypt() function is $User. My thought was to secure this some more by using a function like the one below to build a random salt for password encryption:

    # Return a random two-character salt drawn from the 64-character
    # alphabet that crypt() accepts ([a-zA-Z0-9./]).
    sub random_salt {
        my (@salt_set, $salt);
        @salt_set = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
        $salt = $salt_set[int(rand(64))] . $salt_set[int(rand(64))];
        return $salt;
    }

Since the password checking routine, Auth(), already reads the username and password from the system_users table, one could get the salt for password verification easily:

    # The salt is the first two characters of the stored crypt() hash.
    my $salt = $GetPw;
    $salt =~ s/^(..).*/$1/;

Just my $0.02.

Andrew
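The proposal above, carried through end to end as an added example (my code, not Andrew's snippet and not OTRS source): hashing a new password with a random salt, then verifying a candidate by recovering the salt from the first two characters of the stored hash. The function names and the sample password are my own; the post names no such functions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Random two-character salt from the crypt() alphabet [a-zA-Z0-9./].
# Note: rand() is not a cryptographic generator; it is used here only
# because the original snippet used it. Salt uniqueness, not secrecy,
# is what matters for crypt() salts.
sub random_salt {
    my @salt_set = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
    return join '', map { $salt_set[int(rand(scalar @salt_set))] } 1..2;
}

# What the user-creation / password-change path would store, replacing
# crypt($pw, $User) with a per-password random salt.
sub hash_password {
    my ($pw) = @_;
    return crypt($pw, random_salt());
}

# What Auth() would do: take the salt from the stored hash itself and
# re-crypt the candidate. crypt() only looks at the first two characters
# of its salt argument, so passing the whole stored hash also works.
sub check_password {
    my ($candidate, $stored) = @_;
    my $salt = substr($stored, 0, 2);
    return crypt($candidate, $salt) eq $stored;
}

# Constructed sample: the password is not from the post.
my $stored = hash_password('s3cret');
printf "stored: %s  (salt '%s')\n", $stored, substr($stored, 0, 2);
print "correct password:   ", (check_password('s3cret', $stored) ? "accepted" : "rejected"), "\n";
print "wrong password:     ", (check_password('wrong',  $stored) ? "accepted" : "rejected"), "\n";

# With $User as the salt, two users whose names begin with the same two
# characters and who pick the same password get identical hashes. With a
# random salt they differ unless the 1-in-4096 salt collision occurs.
my $h1 = hash_password('s3cret');
my $h2 = hash_password('s3cret');
print "same password, two hashes differ: ", ($h1 ne $h2 ? "yes" : "no (salt collision)"), "\n";
```

Two caveats a practitioner would want alongside this: traditional DES crypt() ignores everything after the eighth character of the password, and a two-character salt gives only 4096 distinct values, so this closes the "same hash for the same password" problem but does not turn crypt() into a modern password hash.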