httpd-dev mailing list archives

From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: basic auth broken
Date Tue, 02 Feb 1999 16:55:02 GMT
Rasmus Lerdorf wrote:
> Hrm, that could be true.  It wouldn't surprise me if some OS developer out
> there thought it would be a good idea to "enhance" their crypt function
> and either accidentally or by design make it similar but not identical to
> the FreeBSD implementation.

So it sounds as though we should branch off and not try to
make our portable passwords be recognisable as using the
same algorithm as anyone else's.  I.e., use our own unique
significator (and beef up our encryption a bit).  If it happens
that ours is identical to FreeBSD's, at least we're not
claiming it's the same as any other MD5 algorithm.

How about directly copying FreeBSD's, but changing the format
to '$apr1$<salt>$<hash>'?  That gives some room for
#ken	P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Group member         <>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>
