apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 47162] [PATCH] crypto: read/write support for SSHA-1 (salted SHA-1)
Date Fri, 07 Sep 2012 19:41:39 GMT

--- Comment #3 from Stefan Fritsch <sf@sfritsch.de> ---
(In reply to comment #0)
> Why, apart from security, is this useful? I can present at least one use
> case (ours): when migrating from LDAP-based authentication to .htaccess
> authentication.

AFAICS, SSHA-1 uses only one round of SHA-1, so it's rather insecure. I don't
want to add more insecure hash algorithms to htpasswd. But I would accept the
use case of moving from LDAP-based authentication to file based authentication.
But for that, only the verify ("read") support would be needed. Do you agree
that verify support alone would be useful?

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org

View raw message