httpd-dev mailing list archives

From Nick Edwards <nick.z.edwa...@gmail.com>
Subject md5crypt passwords
Date Wed, 20 Jun 2012 12:25:21 GMT
Hello,

I posted this to users list last week but no-one bit, so I'm trying here.

With md5crypt no longer recommended for use by its author, will Apache
soon support sha256/sha512 in basic authentication via MySQL?

I understand the apr version is different to plain md5crypt, but it is
based on the same thing from what I can tell, so it's pointless
upgrading our database passwords to use sha512 if Apache's still the
weak link.

All admin scripts run in perl, and we are currently doing this with
apache_md5_crypt($password); using Crypt::PasswdMD5

For Mail and FTP, we are _now_ successfully using crypt($password,
'$6$' . $16charsalt) for sha512, be nice if Apache basic auth would
too!

Apache currently only offers SHA1 which is about as secure (can be
read as, as hopeless as) MD5.

Can the project devs/team leaders indicate if there are future plans
to improve the basic auth security methods up to SHA512?

nik
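
Added example, not part of the original message or of Apache's code: a Python sketch that inventories which of the hash formats named above (`$apr1$`, `$1$`, Apache's `{SHA}`, `$5$`/`$6$`) a credential table holds, and shows that the unsalted `{SHA}` format gives identical hashes for identical passwords. The sample rows are constructed (the `$apr1$` and `$6$` strings are correctly shaped placeholders, not real hashes), and the verdict labels are this example's assumption.

```python
import base64
import binascii
import hashlib
import re
from collections import Counter

B64 = r"[./0-9A-Za-z]"  # crypt(3) alphabet shared by the $...$ schemes
SCHEMES = [  # (label, verdict assumed by this example, structural pattern)
    ("apr1-md5", "legacy", re.compile(rf"^\$apr1\${B64}{{1,8}}\${B64}{{22}}$")),
    ("md5crypt", "legacy", re.compile(rf"^\$1\${B64}{{1,8}}\${B64}{{22}}$")),
    ("sha256-crypt", "ok", re.compile(rf"^\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}$")),
    ("sha512-crypt", "ok", re.compile(rf"^\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}$")),
]

def apache_sha1(password):
    """Apache '{SHA}' format: base64 of one unsalted SHA-1 round."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def classify(stored):
    """Return (scheme, verdict) for one stored hash string."""
    if stored.startswith("{SHA}"):
        try:
            raw = base64.b64decode(stored[5:], validate=True)
        except (binascii.Error, ValueError):
            return ("malformed", "reject")
        return ("apache-sha1", "weak") if len(raw) == 20 else ("malformed", "reject")
    for label, verdict, pattern in SCHEMES:
        if pattern.match(stored):
            return (label, verdict)
    return ("unknown", "review")

def audit(rows):
    """rows: (user, stored_hash) pairs. Returns (counts per scheme,
    groups of users whose stored hash is byte-for-byte identical)."""
    counts, seen = Counter(), {}
    for user, stored in rows:
        counts[classify(stored)[0]] += 1
        seen.setdefault(stored, []).append(user)
    return counts, [users for users in seen.values() if len(users) > 1]

# Constructed sample rows; alice and bob share a password on purpose.
SAMPLE_ROWS = [
    ("alice", apache_sha1("Summer2012")),
    ("bob", apache_sha1("Summer2012")),
    ("carol", "$apr1$abcdefgh$" + "A" * 22),         # placeholder, not a real hash
    ("dave", "$6$0123456789abcdef$" + "B" * 86),     # placeholder, not a real hash
    ("erin", "{SHA}not-base64"),
]

if __name__ == "__main__":
    scheme_counts, shared = audit(SAMPLE_ROWS)
    print(dict(scheme_counts))
    print("users sharing an identical hash:", shared)
```

Salted formats never produce the shared-hash group for equal passwords, so any group reported here points at an unsalted or reused-salt scheme.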
