From gstein@lyra.org  Mon Dec  4 22:57:37 2000
Return-Path: <gstein@lyra.org>
Mailing-List: contact dev-help@apr.apache.org; run by ezmlm
Delivered-To: mailing list dev@apr.apache.org
Received: (qmail 66804 invoked from network); 4 Dec 2000 22:57:37 -0000
Received: from test.webdav.org (HELO kurgan.lyra.org) (198.144.203.199)
  by locus.apache.org with SMTP; 4 Dec 2000 22:57:37 -0000
Received: (from gstein@localhost)
	by kurgan.lyra.org (8.9.3/8.9.3) id PAA26107
	for dev@apr.apache.org; Mon, 4 Dec 2000 15:00:14 -0800
X-Authentication-Warning: kurgan.lyra.org: gstein set sender to gstein@lyra.org using -f
Date: Mon, 4 Dec 2000 15:00:14 -0800
From: Greg Stein <gstein@lyra.org>
To: dev@apr.apache.org
Subject: Re: cvs commit: apr/test aprtest.dsp aprtest.dsw aprtest.win Makefile.in sendfile.c testmmap.c client.dsp htdigest.dsp server.dsp test.dsw testarg.dsp testfile.dsp testproc.dsp testsig.dsp testsock.dsp testsuite.dsw testthread.dsp testucs.dsp timetest.dsp
Message-ID: <20001204150014.N25494@lyra.org>
Mail-Followup-To: dev@apr.apache.org
References: <004701c05e44$05cecd40$92c0b0d0@roweclan.net> <Pine.LNX.4.21.0012041453220.1410-100000@koj.rkbloom.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <Pine.LNX.4.21.0012041453220.1410-100000@koj.rkbloom.net>; from rbb@covalent.net on Mon, Dec 04, 2000 at 02:54:33PM -0800
X-URL: http://www.lyra.org/greg/
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

On Mon, Dec 04, 2000 at 02:54:33PM -0800, rbb@covalent.net wrote:
> 
> > >   Index: Makefile.in
> > >   ===================================================================
> > >   -TARGETS= testmd5@EXEEXT@ \
> > >   -	testfile@EXEEXT@ \
> > >   +TARGETS= testfile@EXEEXT@ \
> > 
> > md5 (et. al.) are all moving to aprutil, correct?
> 
> I would really prefer that we keep some way to encode passwords in
> APR.  This is a portability issue, so -1 (vote, not veto) for removing
> md5 from APR.

I'm +1 on moving them to apr-util ... MD5 hashing is entirely portable. That
is also where SHA-1 hashing is located.

(the standard crypt() is generally non-portable and would remain in APR;
 that should solve Ryan's request for a way to hash [not encode] passwords)

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/