httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "TD - Sales International Holland B.V.">
Subject htpasswd and different kinds of encryption
Date Thu, 03 Jan 2002 11:39:43 GMT
Hey there,

first off all, please CC me, as I didn't join the list. Sorry about that, but 
I receive too much email already ( >1000 msgs a day :-(()

Anyways, my question is fairly simple. I had a look at the htpasswd man page 
and as far as I can see it supports 3 encryption types, CRYPT, MD5 & SHA. 
Crypt being the default, and MD5 would be a modified version of MD5 for 
apache. Now what I'd like to know is, which encryption standard is the 
strongest. (thus which one takes the longest if it's brute forced). The 
reason I'm asking is that I want to make my server as secure as possible. 
Ofcourse I should make sure the .htpasswd file can't be retrieved in the 
first place, but just in case it happens anyways I want to maximize the time 
it will take the attacker to brute force the password file.

Thanks in advance.

Kind regards,

Ferry van Steen

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message