apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <...@rkbloom.net>
Subject Re: apr_password_validate is not testing md5/sha1 in the apr test suite
Date Thu, 27 May 2004 12:38:03 GMT
On Wed, 26 May 2004, Stas Bekman wrote:

> rbb@rkbloom.net wrote:

>  > Also it will show you how to generate the data for yourself.
>
> Unfortunately at the moment I have no time to figure it out. Though it worries
> me that I couldn't get non-apr md5/sha1 generators' output pass password_validate.

This one, at least, is easy to explain.  We use a non-standard prefix in
the encrypted password to tell APR what type of password it is.  That way,
the one function can decrypt _any_ format it understands without having to
be re-built.  If you look at the passwords htpasswd generated, the
prefix for all md5 passwords is the same, same for sha1 (although it is
different from the md5 prefix).  This is the same model that *BSD uses
IIRC.

Ryan



Mime
View raw message