apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 47162] [PATCH] crypto: read/write support for SSHA-1 (salted SHA-1)
Date Fri, 07 Sep 2012 19:41:39 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47162

--- Comment #3 from Stefan Fritsch <sf@sfritsch.de> ---
(In reply to comment #0)
> Why, apart from security, is this useful? I can present at least one use
> case (ours): when migrating from LDAP-based authentication to .htaccess
> authentication.

AFAICS, SSHA-1 uses only one round of SHA-1, so it's rather insecure. I don't
want to add more insecure hash algorithms to htpasswd. But I would accept the
use case of moving from LDAP-based authentication to file based authentication.
But for that, only the verify ("read") support would be needed. Do you agree
that verify support alone would be useful?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org


Mime
View raw message