httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rasmus Lerdorf <ras...@lerdorf.on.ca>
Subject Re: Proposal for Win32 crypt() issue
Date Tue, 29 Sep 1998 23:10:40 GMT
> I'd like to suggest the following workaround/solution to
> the Win32 crypt() issue:
> 
> o Use MD5 on Win32.
> o Modify htpasswd.c to take an additional switch to
>   indicate algorithm.  Default is crypt, but #ifdef
>   so that on Win32 it says 'use -a md5 instead'.
> o Likewise for dbmmanage. (?)
> o For now, #ifdef the mod_auth* stuff to use MD5 on Win32.
>   (Ultimately this will be fixed by the reworked auth API.)
> 
> For the short term this makes Win32 and Unix .htpasswd
> files non-interoperable.  It would be nice to be able to
> add a core directive that allowed the algorithm for a
> particular scope/realm to be specified, but I don't
> see that happening without a significant overhaul of
> this stuff -- which is already slated for 2.0.

Why not go the OpenBSD/FreeBSD/Linux route and have the SALT argument
indicate the encryption method if more than one is available?  In the case
of Win32 where only MD5 might be available by default that is the
algorithm you get regardless of the SALT.  I don't see the need for an
additional switch here.  And it isn't like an MD5 .htpasswd would be
completely non-interoperable.  There are plenty of *BSD systems out there
where MD5 is the default encryption algorithm and in those case this file
would be completely interoprable if the same $1$ salt syntax was used.
See the crypt man page on any OpenBSD box, or the crypt() code in PHP3.

 (http://cvs.php.net/cvsweb.cgi/functions/crypt.c?rev=HEAD)

-Rasmus


Mime
View raw message