httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Trawick" <>
Subject Re: [PATCH] htdbm: warn crypt-enabled users that plaintext format won't work
Date Tue, 04 Apr 2006 13:36:48 GMT
On 4/3/06, William A. Rowe, Jr. <> wrote:
> Taking things one step further, sha1 is far preferred for cryptographic
> purposes these days than md5.  Suppose its time to switch?

Also, get htpasswd and htdbm defaults in sync.  htpasswd says it
defaults to CRYPT where crypt() is available.

To the extent that modern htdbm and htpasswd are provided solely for
user/pass verification with Apache 2.0 or above, there should be no
migration problems caused by changing the default hash mechanism as
long as we don't change the default TO crypt or plaintext (since those
are unsafe when moving files across platforms).

View raw message