Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
Received-SPF: pass (nike.apache.org: domain of noel.butler@ausics.net
 designates 27.33.160.23 as permitted sender)
Subject: Re: md5crypt passwords
From: Noel Butler <noel.butler@ausics.net>
To: dev@httpd.apache.org
In-Reply-To: <alpine.DEB.2.00.1206201641110.5284@eru.sfritsch.de>
References: 
	 <CAMD-=VJS7f49CoCjMvhz0j8t=uf2xnaaCuxkA36J34brj2OoyQ@mail.gmail.com>
	 <alpine.DEB.2.00.1206201641110.5284@eru.sfritsch.de>
Content-Type: multipart/signed; micalg="pgp-sha1";
 protocol="application/pgp-signature"; boundary="=-LamXPFdECYl/1yCl6aeF"
Date: Thu, 21 Jun 2012 13:42:31 +1000
Message-ID: <1340250151.6625.15.camel@tardis>
Mime-Version: 1.0


--=-LamXPFdECYl/1yCl6aeF
Content-Type: multipart/related; type="multipart/alternative";
	boundary="=-VThCfc1N2ChRT9hnCCge"


--=-VThCfc1N2ChRT9hnCCge
Content-Type: multipart/alternative; boundary="=-i45H5jGquqD3C+Fy48bL"


--=-i45H5jGquqD3C+Fy48bL
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable

On Wed, 2012-06-20 at 22:52 +0200, Stefan Fritsch wrote:

> On Wed, 20 Jun 2012, Nick Edwards wrote:
> > I posted this to users list last week but no-one bit, so I'm trying her=
e.
> >
> > With md5crypt no longer recommended for use by its author, will Apache
> > soon support sha256/sha512 in basic authentication via MySQL.
>=20
> Note that it does not really matter that much which hash algorithm is=20
> used. The number of rounds is more important. APR-MD5 ("$apr1$") does 100=
0=20
> times recursive md5 (which is 1000 times more secure in terms of brute=20
> forcing than plain md5). We should switch to something that needs more=20
> processing time so that it is more difficult to brute force.
>=20


yup, I'm not a crypto expert but IIRC sha512 by default uses rounds=3D5000
(if not rounds=3D is not specified)

I brought this up with (I think it was) Bill, a year ago (using SHA2)
and at that time there were no plans, however, in light of recent
events, I'd agree it needs to be revisited.


> >
> > For Mail and FTP, we are _now_ successfully using  crypt($password,
> > '$6$' . $16charsalt) for sha512, be nice if Apache basic auth would
> > too!
>=20
> APR passes everything it doesn't know to the system's crypt() function. S=
o=20
> chances are good that using $6$... already works for you. However, there=20
> is currently no way to create such hashes with htpasswd.
>=20


If the OP is using crypt() correctly with a modern nix OS it certainly
will, I've been using sha512 for a while.
I'm surprised he did not just "try it", he might have had his answer a
week ago.

in perl I've been using

$psalt=3D  join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[map {rand 64}
(0..15)];
$epass =3D crypt($PASS, '$6$' . $psalt);

the end result will be readable by httpd to auth users

In php, I've used=20

$psalt =3D uniqid(16);    <-- yes i know a bad cheat :) ... but I'm far
from knowledgeable with php
$epass =3D crypt($PASS,'$6$'.$csalt);


--=-i45H5jGquqD3C+Fy48bL
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
  <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; CHARSET=3DUTF-8">
  <META NAME=3D"GENERATOR" CONTENT=3D"GtkHTML/3.28.3">
</HEAD>
<BODY>
On Wed, 2012-06-20 at 22:52 +0200, Stefan Fritsch wrote:
<BLOCKQUOTE TYPE=3DCITE>
<PRE>
On Wed, 20 Jun 2012, Nick Edwards wrote:
&gt; I posted this to users list last week but no-one bit, so I'm trying he=
re.
&gt;
&gt; With md5crypt no longer recommended for use by its author, will Apache
&gt; soon support sha256/sha512 in basic authentication via MySQL.

Note that it does not really matter that much which hash algorithm is=20
used. The number of rounds is more important. APR-MD5 (&quot;$apr1$&quot;) =
does 1000=20
times recursive md5 (which is 1000 times more secure in terms of brute=20
forcing than plain md5). We should switch to something that needs more=20
processing time so that it is more difficult to brute force.

</PRE>
</BLOCKQUOTE>
<BR>
yup, I'm not a crypto expert but IIRC sha512 by default uses rounds=3D5000&=
nbsp; (if not rounds=3D is not specified)<BR>
<BR>
I brought this up with (I think it was) Bill, a year ago (using SHA2) and a=
t that time there were no plans, however, in light of recent events, I'd ag=
ree it needs to be revisited.<BR>
<BR>
<BLOCKQUOTE TYPE=3DCITE>
<PRE>
&gt;
&gt; For Mail and FTP, we are _now_ successfully using  crypt($password,
&gt; '$6$' . $16charsalt) for sha512, be nice if Apache basic auth would
&gt; too!

APR passes everything it doesn't know to the system's crypt() function. So=20
chances are good that using $6$... already works for you. However, there=20
is currently no way to create such hashes with htpasswd.

</PRE>
</BLOCKQUOTE>
<BR>
If the OP is using crypt() correctly with a modern nix OS it certainly will=
, I've been using sha512 for a while.<BR>
I'm surprised he did not just &quot;try it&quot;, he might have had his ans=
wer a week ago.<BR>
<BR>
in perl I've been using<BR>
<BR>
$psalt=3D&nbsp; join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[map {rand 64}=
 (0..15)];<BR>
$epass =3D crypt($PASS, '$6$' . $psalt);<BR>
<BR>
the end result will be readable by httpd to auth users<BR>
<BR>
In php, I've used <BR>
<BR>
$psalt =3D uniqid(16);&nbsp;&nbsp;&nbsp; &lt;-- yes i know a bad cheat <IMG=
 SRC=3D"cid:1340249803.6625.8.camel@tardis" ALIGN=3D"middle" ALT=3D":)" BOR=
DER=3D"0"> ... but I'm far from knowledgeable with php<BR>
$epass =3D crypt($PASS,'$6$'.$csalt);<BR>
<BR>
<BR>
</BODY>
</HTML>

--=-i45H5jGquqD3C+Fy48bL--

--=-VThCfc1N2ChRT9hnCCge
Content-ID: <1340249803.6625.8.camel@tardis>
Content-Disposition: attachment; filename="face-smile.png"
Content-Type: image/png; name="face-smile.png"
Content-Transfer-Encoding: base64

iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QA/wD/AP+gvaeTAAAAB3RJ
TUUH1wgOER8RqU5d7gAAAwtJREFUOI1lk01oXGUYhZ/73Ts/sWPiT8YE2ti6SF00jDWBaBWLuhFB
QgUNQsFdCair2pVSBV3YGkNWDVjcqKlIaG2sLf5EUBqTBkqjTFMi2Px2ojOTpJnMZHLnfvd+3+si
VKR5V2dxOBx4z+Nw1419QZty3R5EdYmJmgEcpfIgF6zYT59+nan/+5074sYQ8XIQG/ASjYdbDxyP
px58Rql4M0hIFMxQKf5sb149pY1eOdOQ4I193ej/AoaGcFt07PKufUc6dmY+ShBOI+FfQAB4ID5C
CieeYWHy3SA/c/FaLsHB7m4MABNfxfpvTfb4YkpiNi+K1X+K2EDEhiKmIhIVxNauil55R6LNUZkZ
e96fGKQfwBn7jN3xhqZsx8tT9aInUYlOTvSeYrlYoK/3fcRWOdk7wHJxiY8/eBZdPo/X8BZ/XHql
HG5UM0olvaOtT7yXIprF8fYALmfPfcPwt5dANNgyZ8+PMPzdOJh/wOQx/ii7M6+mSHJU4ahDqfRz
SqJ5cGIgNR5t3Uv7/gxifbDr7H0kxeNtOxB9A3Aw/jip9EHlCIc8G0VNKpZGdBGiHOI+xODnJ0FC
xK6AKfDl6ZcgmkOiRcBg9QLJB1qwliYPAIkQKUM4DbYETt1WfSmDWQa7BraKNTXEBohoQADwHNct
mGD+YSUKMXkc8cFJbhlsFbFrYFYRW8KaDazxQaUJ/XmUoqAEM1wufG/xdkK0xOTICW4v/YKuTmP0
AjbMEdYWWc3Pcv1KFmMquHWdVJYvW3EY3nrjvfdl27t+qpfKaW5X2slN9VEtLWEiDYDredxT38iu
treJywB16Q/J/nikHG5UM1tDGlT9c1de9CN/XMK1T8TUrok1ayJWi9hAbLQqYXVUqn+/KUHpa5n5
7anNO0PyABbj9pi9+UOniNPR8tjxRLgxgvF/xeg5xAY4bhq37gDejhe4db2vVpwb/z2X4Ng2mNZr
DLjx+w/v2f9aPNX4pIolW0AsoT9LZWXCLmTPaaPXzzQk74JpG84OPQJdWJoBUOQduGCFbTj/C8H3
uN+XWOgHAAAAAElFTkSuQmCC


--=-VThCfc1N2ChRT9hnCCge--

--=-LamXPFdECYl/1yCl6aeF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAABAgAGBQJP4pggAAoJECg/hgl/0DbH9MAH/3xiad9mEgHEoeZEtfneTTag
KhvzNXAvRgwS49OpGS3FgJWy9e+WWjI2BpdfGZK0By7mG0yXadLgzkCHeusizDY3
fK8cOAnpnrux71+3SocVEsOnG9nuuTsul9zv8AflGHF/Wj24w9XWZQ9gwf6bidF9
W8EN6FC+84Xeyc3qVeGARrSOvxiAhHJn9QItiYxuAPBWkUJpVHfvMl4SDiQjhyPq
iBKKsYgZWFJPFJ/aigfL5UflvyXeIU0QPpor7PkEBapIUq8LLFRN9R8Z7c7yuSA2
vxc+uZA/qGXYJ2eBI+c2I0/ZSlZXzO25cG0hmxenhbgDeMecK1C66AHYkcV92UA=
=2r3I
-----END PGP SIGNATURE-----

--=-LamXPFdECYl/1yCl6aeF--