diff --git a/lam-0.4/lib/account.inc b/lam-0.4/lib/account.inc index 639040fd..1d1128b7 100644 --- a/lam-0.4/lib/account.inc +++ b/lam-0.4/lib/account.inc @@ -201,7 +201,7 @@ function getquotas($users) { if (is_array($users)) $return = $users; else $return[0] = $users; // get username and password of the current lam-admin - $ldap_q = $_SESSION['ldap']->decrypt(); + $ldap_q = $_SESSION['ldap']->decrypt_login(); /* $towrite has the following syntax: * admin-username, admin-password, account with quotas, 'quota', operation='get', type=user|group * use escapeshellarg to make exec() shell-safe @@ -299,7 +299,7 @@ function getquotas($users) { */ function setquotas($values2) { // get username and password of the current lam-admin - $ldap_q = $_SESSION['ldap']->decrypt(); + $ldap_q = $_SESSION['ldap']->decrypt_login(); /* $towrite has the following syntax: * admin-username, admin-password, account with quotas, 'quota', operation='set', type=user|group * use escapeshellarg to make exec() shell-safe @@ -390,7 +390,7 @@ function setquotas($values2) { */ function remquotas($users, $type) { // get username and password of the current lam-admin - $ldap_q = $_SESSION['ldap']->decrypt(); + $ldap_q = $_SESSION['ldap']->decrypt_login(); /* $towrite has the following syntax: * admin-username, admin-password, account with quotas, 'quota', operation='rem', type=user|group * use escapeshellarg to make exec() shell-safe @@ -455,7 +455,7 @@ function remquotas($users, $type) { */ function addhomedir($users) { // get username and password of the current lam-admin - $ldap_q = $_SESSION['ldap']->decrypt(); + $ldap_q = $_SESSION['ldap']->decrypt_login(); /* $towrite has the following syntax: * admin-username, admin-password, owner of homedir, 'home', operation='add' * use escapeshellarg to make exec() shell-safe 
@@ -521,7 +521,7 @@ function addhomedir($users) { */ function remhomedir($users) { // get username and password of the current lam-admin - $ldap_q = $_SESSION['ldap']->decrypt(); + $ldap_q = $_SESSION['ldap']->decrypt_login(); /* $towrite has the following syntax: * admin-username, admin-password, owner of homedir, 'home', operation='add' * use escapeshellarg to make exec() shell-safe @@ -1309,15 +1309,11 @@ function createuser($values, $uselamdaemon=true) { // Create DN for new user account $values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn; // decrypt password because we don't want to store them unencrypted in session - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); if ($values->unix_password != '') { - $values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv); - $values->unix_password = str_replace(chr(00), '', $values->unix_password); + $values->unix_password = $_SESSION['ldap']->decrypt(base64_decode($values->unix_password)); } if ($values->smb_password != '') { - $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv); - $values->smb_password = str_replace(chr(00), '', $values->smb_password); + $values->smb_password = $_SESSION['ldap']->decrypt(base64_decode($values->smb_password)); } // Attributes which are required 
@@ -1499,15 +1495,11 @@ function modifyuser($values,$values_old,$uselamdaemon=true) { // Will modify the // Create DN for new user account $values->general_dn = 'uid=' . $values->general_username . ',' . $values->general_dn; // decrypt password because we don't want to store them unencrypted in session - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); if ($values->unix_password != '') { - $values->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->unix_password), MCRYPT_MODE_ECB, $iv); - $values->unix_password = str_replace(chr(00), '', $values->unix_password); + $values->unix_password = $_SESSION['ldap']->decrypt(base64_decode($values->unix_password)); } if ($values->smb_password != '') { - $values->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($values->smb_password), MCRYPT_MODE_ECB, $iv); - $values->smb_password = str_replace(chr(00), '', $values->smb_password); + $values->smb_password = $_SESSION['ldap']->decrypt(base64_decode($values->smb_password)); } // Attributes which are required if ($values->general_username != $values_old->general_username) { diff --git a/lam-0.4/lib/ldap.inc b/lam-0.4/lib/ldap.inc index 92bc14fe..fde6be44 100644 --- a/lam-0.4/lib/ldap.inc +++ b/lam-0.4/lib/ldap.inc @@ -24,6 +24,7 @@ $Id$ // ldap.inc provides basic functions to connect to the OpenLDAP server. include_once("config.inc"); +include_once("blowfish.inc"); // converts a HEX string to a binary value function hex2bin($value) { @@ -233,7 +234,7 @@ class Ldap{ return false; } // save password und username encrypted - $this->encrypt($user, $passwd); + $this->encrypt_login($user, $passwd); $this->server = @ldap_connect($this->conf->get_ServerURL()); if ($this->server) { // use LDAPv3 
@@ -386,7 +387,7 @@ class Ldap{ // reconnects to LDAP server when deserialized function __wakeup() { - $data = $this->decrypt(); + $data = $this->decrypt_login(); $this->connect($data[0], $data[1]); // change random number mt_srand($this->rand + (microtime() * 1000000)); 
@@ -415,32 +416,74 @@ class Ldap{ $this->rand = mt_rand(); } + // encrypts a string + // $data: string to encrypt + // return: encrypted string + function encrypt($data) { + // use MCrypt if available + if (function_exists(mcrypt_create_iv)) { + // read key and iv from cookie + $iv = base64_decode($_COOKIE["IV"]); + $key = base64_decode($_COOKIE["Key"]); + // encrypt string + return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv); + } + // use Blowfish if MCrypt is not available + else { + // read key and iv from cookie + $iv = base64_decode($_COOKIE["IV"]); + $key = base64_decode($_COOKIE["Key"]); + $b_key = $iv . $key; + // encrypt string + $b_fish = new Cipher_blowfish(); + return $b_fish->encrypt($data, $b_key); + } + } + + // decrypts a string + // $data: string to decrypt + // return: decrypted string + function decrypt($data) { + // use MCrypt if available + if (function_exists(mcrypt_create_iv)) { + // read key and iv from cookie + $iv = base64_decode($_COOKIE["IV"]); + $key = base64_decode($_COOKIE["Key"]); + // decrypt string + $ret = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv); + $ret = str_replace(chr(00), "", $ret); + return $ret; + } + // use Blowfish if MCrypt is not available + else { + // read key and iv from cookie + $iv = base64_decode($_COOKIE["IV"]); + $key = base64_decode($_COOKIE["Key"]); + $b_key = $iv . 
$key; + // decrypt string + $b_fish = new Cipher_blowfish(); + return $b_fish->decrypt($data, $b_key); + } + } + // encrypts username and password // $username: LDAP user name // $password: LDAP password - function encrypt($username, $password) { - // read key and iv from cookie - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); + function encrypt_login($username, $password) { // encrypt username and password - $this->username = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $username, MCRYPT_MODE_ECB, $iv)); - $this->password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $password, MCRYPT_MODE_ECB, $iv)); + $this->username = base64_encode($this->encrypt($username)); + $this->password = base64_encode($this->encrypt($password)); } // decrypts username and password // returns an array // return[0]: user name // return[1]: password - function decrypt() { - // read key and iv from cookie - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); + function decrypt_login() { // decrypt username and password - $username = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->username), MCRYPT_MODE_ECB, $iv); - $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($this->password), MCRYPT_MODE_ECB, $iv); + $username = $this->decrypt(base64_decode($this->username)); + $password = $this->decrypt(base64_decode($this->password)); $ret = array($username, $password); - $ret[0] = str_replace(chr(00), "", $ret[0]); - $ret[1] = str_replace(chr(00), "", $ret[1]); return $ret; } diff --git a/lam-0.4/lib/pdf.inc b/lam-0.4/lib/pdf.inc index 7af43dbf..d3f2fb7b 100644 --- a/lam-0.4/lib/pdf.inc +++ b/lam-0.4/lib/pdf.inc 
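Review bot: `function_exists(mcrypt_create_iv)` in both the new `encrypt()` and `decrypt()` passes a bare, undefined constant instead of a string; PHP only treats that as the name with a notice (newer versions raise an Error), so the MCrypt-or-Blowfish selection rests on that fallback and both checks should read `function_exists('mcrypt_create_iv')`. The two backends also disagree on what they do with the cookie material and the padding: MCrypt keys with `$key` alone and ignores `$iv` (ECB mode takes no IV), Blowfish keys with `$iv . $key`, and only the MCrypt branch of `decrypt()` strips trailing NUL bytes — whether `Cipher_blowfish::decrypt()` returns padding is not visible here, so a short comment on `decrypt()` stating which backend pads and how should accompany this. Since every branch reads the same two cookies, the `$iv`/`$key` reads could be hoisted above the `if` in each method instead of being repeated four times.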
@@ -41,8 +41,6 @@ function createUserPDF($accounts) {
 $pdfFile->setCreator("LDAP Account Manager (pdf.inc)");
 // Loop for every sumbitted account and print its values on a extra page
 foreach ($accounts as $account) {
- $iv = base64_decode($_COOKIE['IV']);
- $key = base64_decode($_COOKIE['Key']);
 $pdfFile->addPage();
 // Load string with additional information from session
 $info_string = $_SESSION['config']->pdftext;
@@ -141,8 +139,7 @@ function createUserPDF($accounts) {
 elseif($account->unix_password == "") {
 }
 else {
- $account->unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account->unix_password), MCRYPT_MODE_ECB, $iv);
- $account->unix_password = str_replace(chr(00), '', $account->unix_password);
+ $account->unix_password = $_SESSION['ldap']->decrypt(base64_decode($account->unix_password));
 $pdfFile->setFont("times","B",10);
 $pdfFile->Cell(50,5,_("Unix password") . ":",0,0,"R",0);
 $pdfFile->setFont("times","",10);
@@ -199,8 +196,7 @@ function createUserPDF($accounts) {
 elseif($account->smb_password == "") {
 }
 else {
- $account->smb_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account->smb_password), MCRYPT_MODE_ECB, $iv);
- $account->smb_password = str_replace(chr(00), '', $account->smb_password);
+ $account->smb_password = $_SESSION['ldap']->decrypt(base64_decode($account->smb_password));
 $pdfFile->setFont("times","B",10);
 $pdfFile->Cell(50,5,_("Windows password") . ":",0,0,"R",0);
 $pdfFile->setFont("times","",10);
diff --git a/lam-0.4/templates/account/useredit.php b/lam-0.4/templates/account/useredit.php
index 67bbb88d..80e48798 100644
--- a/lam-0.4/templates/account/useredit.php
+++ b/lam-0.4/templates/account/useredit.php
@@ -310,14 +310,12 @@ switch ($_POST['select']) { case 'unix': // Write all general values into $account_new if (isset($_POST['f_unix_password'])) { - // Encraypt password - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); + // Encrypt password if ($_POST['f_unix_password'] != $_POST['f_unix_password2']) { $errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); unset ($_POST['f_unix_password2']); } - else $account_new->unix_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $_POST['f_unix_password'], MCRYPT_MODE_ECB, $iv)); + else $account_new->unix_password = base64_encode($_SESSION['ldap']->encrypt($_POST['f_unix_password'])); } else $account_new->unix_password = ''; if ($_POST['f_unix_password_no']) $account_new->unix_password_no = true; @@ -333,9 +331,7 @@ switch ($_POST['select']) { else $account_new->unix_deactivated = false; if ($_POST['genpass']) { // Generate a random password if generate-button was pressed - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); - $account_new->unix_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, genpasswd(), MCRYPT_MODE_ECB, $iv)); + $account_new->unix_password = base64_encode($_SESSION['ldap']->encrypt(genpasswd())); unset ($_POST['f_unix_password2']); // Keep unix-page acitve $select_local = 'unix'; 
@@ -343,10 +339,7 @@ switch ($_POST['select']) { // Check if values are OK and set automatic values. if not error-variable will be set else { // account.inc if ($account_new->unix_password != '') { - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); - $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv); - $password = str_replace(chr(00), '', $password); + $password = $_SESSION['ldap']->decrypt(base64_decode($account_new->unix_password)); } if (!ereg('^([a-z]|[A-Z]|[0-9]|[\|]|[\#]|[\*]|[\,]|[\.]|[\;]|[\:]|[\_]|[\-]|[\+]|[\!]|[\%]|[\&]|[\/]|[\?]|[\{]|[\[]|[\(]|[\)]|[\]]|[\}])*$', $password)) $errors[] = array('ERROR', _('Password'), _('Password contains invalid characters. Valid characters are: a-z, A-Z, 0-9 and #*,.;:_-+!$%&/|?{[()]}= !')); @@ -412,8 +405,6 @@ switch ($_POST['select']) { break; } } - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); // Set Samba password if (isset($_POST['f_smb_password']) && !$account_new->smb_useunixpwd) { // Encraypt password 
@@ -421,14 +412,13 @@ switch ($_POST['select']) { $errors[] = array('ERROR', _('Password'), _('Please enter the same password in both password-fields.')); unset ($_POST['f_smb_password2']); } - else $account_new->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $_POST['f_smb_password'], MCRYPT_MODE_ECB, $iv)); + else $account_new->smb_password = base64_encode($_SESSION['ldap']->encrypt($_POST['f_smb_password'])); } else $account_new->smb_password = ''; if ( (($account_new->smb_useunixpwd && !$account_old) || ($account_new->smb_useunixpwd && $account_new->unix_password!='')) && isset($account_new->unix_password) ) { // Set Samba-Password to unix-password if option is set - $unix_password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv); - $smb_password = str_replace(chr(00), '', $unix_password); - $account_new->smb_password = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $smb_password, MCRYPT_MODE_ECB, $iv)); + $unix_password = $_SESSION['ldap']->decrypt(base64_decode($account_new->unix_password)); + $account_new->smb_password = base64_encode($_SESSION['ldap']->encrypt($smb_password)); } // Check values $account_new->smb_scriptPath = str_replace('$user', $account_new->general_username, $account_new->smb_scriptPath); @@ -1034,10 +1024,7 @@ switch ($select_local) { // Unix Password Settings // decrypt password if ($account_new->unix_password != '') { - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); - $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->unix_password), MCRYPT_MODE_ECB, $iv); - $password = str_replace(chr(00), '', $password); + $password = $_SESSION['ldap']->decrypt(base64_decode($account_new->unix_password)); } else $password=''; // Use dd-mm-yyyy format of date because it's easier to read for humans 
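Review bot: In the `smb_useunixpwd` branch the rewritten pair decrypts into `$unix_password` but then encrypts `$smb_password`, a variable that only the removed `str_replace` line used to assign; with that line gone `$smb_password` is undefined here, so the Samba password is set to the encryption of an empty value rather than to the Unix password. The second new line should be `$account_new->smb_password = base64_encode($_SESSION['ldap']->encrypt($unix_password));`. The enclosing `switch` case starts and ends outside this hunk.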
@@ -1145,10 +1132,7 @@ switch ($select_local) { // Samba Settings // decrypt password if ($account_new->smb_password != '') { - $iv = base64_decode($_COOKIE["IV"]); - $key = base64_decode($_COOKIE["Key"]); - $password = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($account_new->smb_password), MCRYPT_MODE_ECB, $iv); - $password = str_replace(chr(00), '', $password); + $password = $_SESSION['ldap']->decrypt(base64_decode($account_new->smb_password)); } else $password = ""; if ($config_intern->is_samba3()) $samba3domains = $ldap_intern->search_domains($config_intern->get_domainSuffix()); diff --git a/lam-0.4/templates/confwiz/server.php b/lam-0.4/templates/confwiz/server.php index 8aca32eb..745a5c9c 100644 --- a/lam-0.4/templates/confwiz/server.php +++ b/lam-0.4/templates/confwiz/server.php @@ -96,7 +96,7 @@ if ($_POST['submit'] || $_POST['cancel']) { $back = false; if ($_GET['back'] || $_POST['back']) { $back = true; - $auth = $_SESSION['confwiz_ldap']->decrypt(); + $auth = $_SESSION['confwiz_ldap']->decrypt_login(); } echo $_SESSION['header']; diff --git a/lam-0.4/templates/login.php b/lam-0.4/templates/login.php index fea60f35..16fe392a 100644 --- a/lam-0.4/templates/login.php +++ b/lam-0.4/templates/login.php @@ -47,6 +47,14 @@ function display_LoginPage($config_object,$profile) $iv = mcrypt_create_iv(32, MCRYPT_RAND); } } + // use Blowfish if MCrypt is not available + else { + // generate iv and key for encryption + $key = ""; + $iv = ""; + while (strlen($key) < 30) $key .= mt_rand(); + while (strlen($iv) < 30) $iv .= mt_rand(); + } // save both in cookie setcookie("Key", base64_encode($key), 0, "/"); @@ -113,16 +121,8 @@ function display_LoginPage($config_object,$profile)
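Review bot: The new Blowfish fallback in `display_LoginPage()` builds `$key` and `$iv` by concatenating `mt_rand()` output, which is a non-cryptographic PRNG: its state comes from a 32-bit seed and its outputs are recoverable from observed values, so however long the digit strings grow the resulting key has at most roughly 32 bits of effective entropy. These values become the key for the credentials and account passwords held in the session, so the fallback should take them from the operating system's random source instead (for example `random_bytes()` on PHP 7+, or reading `/dev/urandom` where MCrypt is absent) and refuse to proceed if none is available. The `if` this `else` attaches to begins outside the hunk; I am assuming it is the check for the MCrypt extension, in which case a comment such as `// MCrypt unavailable: key material must still come from a cryptographic source` would make the requirement explicit.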