Bug#606958: Truncation with passwords generated with htpasswd

To: dbareiro@gmx.net
Cc: 606958@bugs.debian.org
Subject: Bug#606958: Truncation with passwords generated with htpasswd
From: Stefan Fritsch <sf@sfritsch.de>
Date: Mon, 13 Dec 2010 16:08:47 +0100
Message-id: <201012131608.48248.sf@sfritsch.de>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 606958@bugs.debian.org
In-reply-to: <20101213125029.GG30060@defiant.freesoftware>
References: <20101213125029.GG30060@defiant.freesoftware>

On Monday 13 December 2010, Daniel Bareiro wrote:
> Apparently, crypt() is the algorithm used by default, which would
> limit passwords to 8 characters. This does not happen with SHA-1.

Yes, that is described in the htpasswd man page. The recommended 
algorithm is apr_md5 (the SHA algorithm does not use a salt and is 
less secure). The default will be changed in Apache 2.4.

Reply to:

Follow-Ups:
- Bug#606958: Truncation with passwords generated with htpasswd
  - From: Daniel Bareiro <dbareiro@gmx.net>

References:
- Bug#606958: Truncation with passwords generated with htpasswd
  - From: Daniel Bareiro <dbareiro@gmx.net>

Prev by Date: Bug#606958: Truncation with passwords generated with htpasswd
Next by Date: Bug#606958: Truncation with passwords generated with htpasswd
Previous by thread: Bug#606958: Truncation with passwords generated with htpasswd
Next by thread: Bug#606958: Truncation with passwords generated with htpasswd
Index(es):
- Date
- Thread