Hi, I'm trying to make sure that I have my cred interfaces right. Users log in using a username and password. They provide these credentials in plaintext (over a TLSd connection). The user password is stored using a secure key derivation function (in casu, scrypt). Currently I have this gumongous User object (an Axiom Item), and I'm trying to split it up into parts. IIUC, the checker's checked interface should be IUsernamePassword (that's already the case). However, the thing I adapt a User to to check it should be an IUsernameHashedPassword, right? In the end, I doubt this matters an awful lot, unless somebody ends up implementing a IUsernameHashedPassword checker that is smart enough to read both scrypt/bcrypt headers and /etc/shadow-style $-delimited entries. cheers lvh