In (2): Attacker has to guess A. encryption type and B. 'salt' used. What if 'salt' required for encryption is deduced from login, by some magic formula?