httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <>
Subject Re: cvs commit: httpd-2.0/support htpasswd.c
Date Tue, 10 Sep 2002 07:20:36 GMT
On Tue, Sep 10, 2002 at 12:08:42AM -0700, Aaron Bannert wrote:
> On Mon, Sep 09, 2002 at 11:36:11PM -0700, Justin Erenkrantz wrote:
> > But, I still think producing unobfuscated md5 hashes is a useful
> > option, so I'll leave this commit in.  -- justin
> I'm totally out of my league here, but is this different than say
> md5sum? (It still might make sense to keep it, or at least invent
> our own md5sum, since apache is probably more portable than md5sum.)

Well, what we do with the -m option to htpasswd is produce a
'special' md5 value prefixed by '$apr_1$' (or something like that).
Our apr_password_validate looks for the special string and calls
APR's md5 routines if it sees it (bypassing crypt() I think).  This
option to htpasswd skips that whole logic and produces a true md5

Yeah, a program in apr-util/test that was md5sum would be really
nice and prolly really easy to write.  =)  -- justin

View raw message