Bug#489899: apache2-utils htpasswd bogus compromised md5 factor

To: Mark Hedges <hedges@gombor.com>
Cc: 489899@bugs.debian.org
Subject: Bug#489899: apache2-utils htpasswd bogus compromised md5 factor
From: Stefan Fritsch <sf@sfritsch.de>
Date: Tue, 8 Jul 2008 22:56:20 +0200
Message-id: <[🔎] 200807082256.21136.sf@sfritsch.de>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 489899@bugs.debian.org
In-reply-to: <[🔎] 20080708153041.27578.10640.reportbug@li16-163.members.linode.com>
References: <[🔎] 20080708153041.27578.10640.reportbug@li16-163.members.linode.com>

Hi,

On Tuesday 08 July 2008, Mark Hedges wrote:
> Does this restrict the hash space so it can be more easily cracked?

Yes, but even the reduced hash space is enough to prevent dictionary / 
rainbow table attacks for some time to come. This is not a severe 
issue. See also the thread at [1].

When I build an update for apache2 for etch r5, maybe I will include 
the fix. But it will definitely not be in etch r4, which is still not 
released (but the apache2 package is already built).

Cheers,
Stefan

[1] http://seclists.org/bugtraq/2008/Feb/0205.html

Reply to:

References:
- Bug#489899: apache2-utils htpasswd bogus compromised md5 factor
  - From: Mark Hedges <hedges@gombor.com>

Prev by Date: Bug#481964: marked as done (apr-util should not migrate to testing before php5 5.2.6-1)
Next by Date: Bug#489957: Why not move /etc/apache2/envvars to /etc/default/apache2 ?
Previous by thread: Bug#489899: apache2-utils htpasswd bogus compromised md5 factor
Next by thread: Bug#489899: apache2-utils htpasswd bogus compromised md5 factor
Index(es):
- Date
- Thread