[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#606958: Truncation with passwords generated with htpasswd



On Monday 13 December 2010, Daniel Bareiro wrote:
> Apparently, crypt() is the algorithm used by default, which would
> limit passwords to 8 characters. This does not happen with SHA-1.

Yes, that is described in the htpasswd man page. The recommended 
algorithm is apr_md5 (the SHA algorithm does not use a salt and is 
less secure). The default will be changed in Apache 2.4.



Reply to: