
Bug#606958: Truncation with passwords generated with htpasswd



Hi, Stefan.

On Monday, 13 December 2010 16:08:47 +0100,
Stefan Fritsch wrote:

> > Apparently, crypt() is the algorithm used by default, which would
> > limit passwords to 8 characters. This does not happen with SHA-1.

> Yes, that is described in the htpasswd man page. The recommended
> algorithm is apr_md5 (the SHA algorithm does not use a salt and is
> less secure). The default will be changed in Apache 2.4.

When you say "apr_md5", do you mean to use "htpasswd -m"? At least
that's the only md5 form I see in htpasswd from Lenny 5.0.7.

I was looking for some reference on the new default to be taken into
Apache 2.4, but I could not find it. Would you have it at hand?


Thanks for your reply.

Regards,
Daniel
-- 
Daniel Bareiro - GNU/Linux registered user #188.598
Proudly running Debian GNU/Linux with uptime:
13:14:55 up 61 days, 13:41, 10 users,  load average: 0.05, 0.03, 0.00
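
An added example, not part of the original message and not Apache's own code: a small Python audit that labels each htpasswd entry with one of the three formats discussed in the quoted text (crypt(), SHA-1, apr_md5) and reports users whose unsalted {SHA} entries are identical. The sample file content and all function names are constructed for illustration.

```python
import base64
import hashlib
import re
from collections import defaultdict

def sha_entry(password):
    """Build an htpasswd {SHA} field: base64 of the raw SHA-1 digest, no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

# Constructed sample file; the $apr1$ and crypt() fields are made-up
# placeholders with the right shape, not real hashes.
SAMPLE = "\n".join([
    "alice:" + sha_entry("correct horse"),
    "bob:" + sha_entry("correct horse"),
    "carol:$apr1$Zx9kQ1aB$AAAAAAAAAAAAAAAAAAAAAA",
    "dave:xyAbCdEfGhIjK",
])

def classify(field):
    """Return (scheme, note) for the hash field of one htpasswd line."""
    if field.startswith("$apr1$"):
        return "apr_md5", "salted; the algorithm recommended in the thread"
    if field.startswith("{SHA}"):
        return "sha1", "unsalted; equal passwords give equal entries"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "crypt", "password truncated to 8 characters"
    return "unknown", "not one of the three formats discussed"

def audit(text):
    """Return [(user, scheme, note)] for every user:hash line."""
    rows = []
    for line in text.splitlines():
        if ":" not in line or line.startswith("#"):
            continue
        user, field = line.split(":", 1)
        rows.append((user, *classify(field.strip())))
    return rows

def shared_sha(text):
    """Group users whose {SHA} fields are identical (same password)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        user, _, field = line.partition(":")
        if field.startswith("{SHA}"):
            groups[field].append(user)
    return [users for users in groups.values() if len(users) > 1]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
    print("same password:", shared_sha(SAMPLE))
```

Entries reported as crypt or sha1 are the ones to regenerate with `htpasswd -m`.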
