Hi, Stefan. On Monday, 13 December 2010 16:08:47 +0100, Stefan Fritsch wrote: > > Apparently, crypt() is the algorithm used by default, which would > > limit passwords to 8 characters. This does not happen with SHA-1. > Yes, that is described in the htpasswd man page. The recommended > algorithm is apr_md5 (the SHA algorithm does not use a salt and is > less secure). The default will be changed in Apache 2.4. When you say "apr_md5", do you mean to use "htpasswd -m"? At least that's the only md5 form I see in htpasswd from Lenny 5.0.7. I was looking for some reference on the new default to be taken into Apache 2.4, but I could not find it. You will have it at hand? Thanks for your reply. Regards, Daniel -- Daniel Bareiro - GNU/Linux registered user #188.598 Proudly running Debian GNU/Linux with uptime: 13:14:55 up 61 days, 13:41, 10 users, load average: 0.05, 0.03, 0.00
Attachment:
signature.asc
Description: Digital signature