apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: PATCH: md5 hash files not portable between EBCDIC and ASCII
Date Fri, 07 Sep 2007 05:54:45 GMT
* William A. Rowe, Jr. wrote:

> David Jones wrote:
> > md5 hash files aren't currently portable between EBCDIC and ASCII
> > machines, (sha is, and the initial work to make md5 portable is there).
> >
> > md5 hash files created using htpasswd -cm are not portable, i.e. you
> > can not create them on an EBCDIC platform,  move them to an ASCII
> > platform and get them to work successfully.
> > This is true for both apr-util 1.2.8  and earlier versions.
> >
> > There does not appear to be any installed EBCDIC base that would
> > require a compatability option to generate the current hash.
> > (These changes do not affect the hash created on ASCII in anyway)
>
> First, this would break existing md5 hashes on EBCDIC machines, right?

I guess so.

> Second, sha hashes are much more robust now for p/w type usages.
>
> I'd respectfully suggest that md5 hashes have never really been portable,
> they are expressly disallowed by fips-140 policies, and really should
> just be neglected into non-existence.  Thoughts?

Ew. Don't confuse MD5 crypt with MD5 hashes. For password usage MD5 crypt is 
*much* better than simple SHA1 hashes.

nd
-- 
die (eval q-qq:Just Another Perl Hacker
:-)

# André Malo, <http://www.perlig.de/> #

Mime
View raw message