Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 53777 invoked from network); 8 Mar 2011 21:53:36 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 8 Mar 2011 21:53:36 -0000 Received: (qmail 97738 invoked by uid 500); 8 Mar 2011 21:53:35 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 97650 invoked by uid 500); 8 Mar 2011 21:53:35 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 97642 invoked by uid 99); 8 Mar 2011 21:53:35 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Mar 2011 21:53:35 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [217.160.171.50] (HELO jupiter.hal-nine-zero-zero-zero.net) (217.160.171.50) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 08 Mar 2011 21:53:30 +0000 Received: (qmail 6090 invoked from network); 8 Mar 2011 21:53:07 -0000 Received: from unknown (HELO localhost) (217.160.171.50) by jupiter.hal-nine-zero-zero-zero.net with SMTP; 8 Mar 2011 21:53:07 -0000 From: =?utf-8?q?Andr=C3=A9_Malo?= Organization: TIMTOWTDI To: dev@httpd.apache.org Subject: Re: mysql apache md5 Date: Tue, 8 Mar 2011 22:52:51 +0100 User-Agent: KMail/1.9.10 References: <97c68ebb-7f1d-4f0b-b173-1ed4121a14ce@zimbra> <4D75C762.8010008@rowe-clan.net> <4D765C3A.8050000@apache.org> In-Reply-To: <4D765C3A.8050000@apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <201103082252.51405@news.perlig.de> =46rom the peanut gallery: Oh dear. The password encryption is called "MD5 based crypt" (as opposed to the DES= =20 based crypt used in the early days by various systems). "MD5 based crypt"=20 is now standard with modern systems. There's nothing Apache-special about=20 the algorithm. We just use a different init string here: $apr1$ instead of= =20 $1$ to avoid hash matches with the system password database=20 (like /etc/shadow). The only way to mistake it with plain MD5 hashing is being sloppy with=20 wording. See also: http://en.wikipedia.org/wiki/Crypt_%28Unix%29 nd =2D-=20 Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook! Ook? Ook. Ook? Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook. Ook? Ook. Ook! Ook! Ook? Ook! Ook. Ook? Ook. Ook. Ook. Ook. Ook. Ook. Ook! Ook. Ook! Ook! Ook! Ook! Ook! Ook.