Subject: svn commit: r1846254 - in /httpd/httpd/trunk: docs/manual/programs/htpasswd.xml support/htpasswd.c
Date: Fri, 09 Nov 2018 16:33:04 -0000
To: cvs@httpd.apache.org
From: jorton@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20181109163305.2F46E3A006D@svn01-us-west.apache.org> Author: jorton Date: Fri Nov 9 16:33:04 2018 New Revision: 1846254 URL: http://svn.apache.org/viewvc?rev=1846254&view=rev Log: * support/htpasswd.c (usage): Fix bcrypt round maximum. * docs/manual/programs/htpasswd.xml: Document that bcrypt rounds are capped at 17. PR: 62078 Modified: httpd/httpd/trunk/docs/manual/programs/htpasswd.xml httpd/httpd/trunk/support/htpasswd.c Modified: httpd/httpd/trunk/docs/manual/programs/htpasswd.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/programs/htpasswd.xml?rev=1846254&r1=1846253&r2=1846254&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/programs/htpasswd.xml (original) +++ httpd/httpd/trunk/docs/manual/programs/htpasswd.xml Fri Nov 9 16:33:04 2018 @@ -137,7 +137,7 @@ distribution.
-C
This flag is only allowed in combination with -B (bcrypt encryption). It sets the computing time used for the bcrypt algorithm - (higher is more secure but slower, default: 5, valid: 4 to 31).
+ (higher is more secure but slower, default: 5, valid: 4 to 17).
-d
Use crypt() encryption for passwords. This is not @@ -259,6 +259,11 @@ distribution.

Usernames are limited to 255 bytes and may not include the character :.

+ +

The cost of computing a bcrypt password hash value increases + with the number of rounds specified by the -C option. + The apr-util library enforces a maximum number of + rounds of 17 in version 1.6.0 and later.

Modified: httpd/httpd/trunk/support/htpasswd.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=1846254&r1=1846253&r2=1846254&view=diff ============================================================================== --- httpd/httpd/trunk/support/htpasswd.c (original) +++ httpd/httpd/trunk/support/htpasswd.c Fri Nov 9 16:33:04 2018 @@ -111,7 +111,7 @@ static void usage(void) " -m Force MD5 encryption of the password (default)." NL " -B Force bcrypt encryption of the password (very secure)." NL " -C Set the computing time used for the bcrypt algorithm" NL - " (higher is more secure but slower, default: %d, valid: 4 to 31)." NL + " (higher is more secure but slower, default: %d, valid: 4 to 17)." NL " -d Force CRYPT encryption of the password (8 chars max, insecure)." NL " -s Force SHA encryption of the password (insecure)." NL " -p Do not encrypt the password (plaintext, insecure)." NL
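Review bot: In the first htpasswd.xml hunk (@@ -137,7), the -C entry now states "valid: 4 to 17" unconditionally, while the paragraph added in the second hunk ties the limit of 17 to apr-util 1.6.0 and later. Consider qualifying the range in the -C entry or pointing from it to the restrictions paragraph, so a reader running against an older apr-util is not told that 17 is the ceiling there as well.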
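Review bot: The paragraph added in the second htpasswd.xml hunk (@@ -259,6) documents the cap of 17 rounds but does not say what htpasswd does when -C is given a larger value, whether the value is rejected with an error or silently reduced. An administrator who asks for a higher cost needs to know which cost the stored hash actually carries, so a sentence describing that behaviour would close the gap.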
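Review bot: In the htpasswd.c hunk (@@ -111,7, usage()), the upper bound is still a literal in the help string ("valid: 4 to 17") while the default on the same line is filled in through %d. The previous literal, 31, had already drifted from the enforced limit. Passing the maximum through a second %d from a named constant would keep the help text and the enforced limit from diverging again. The hunk changes only the usage text, so it is also worth confirming that the -C argument handling applies the same bound.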