Bug#489899: apache2-utils htpasswd bogus compromised md5 factor
Hi,
On Tuesday 08 July 2008, Mark Hedges wrote:
> Does this restrict the hash space so it can be more easily cracked?
Yes, but even the reduced hash space is enough to prevent dictionary /
rainbow table attacks for some time to come. This is not a severe
issue. See also the thread at [1].
When I build an update for apache2 for etch r5, maybe I will include
the fix. But it will definitely not be in etch r4, which is still not
released (but the apache2 package is already built).
Cheers,
Stefan
[1] http://seclists.org/bugtraq/2008/Feb/0205.html
Reply to: