Hello,

I've got some questions about htpasswd. From the man page:

--------------------------------------------------------------------
-m     Use MD5 encryption for passwords. On Windows, Netware and
       TPF, this is the default.

-d     Use crypt() encryption for passwords. The default on all
       platforms but Windows, Netware and TPF. Though possibly
       supported by htpasswd on all platforms, it is not supported
       by the httpd server on Windows, Netware and TPF.

-s     Use SHA encryption for passwords. Facilitates migration
       from/to Netscape servers using the LDAP Directory Interchange
       Format (ldif).
--------------------------------------------------------------------

Why are there different defaults for different platforms?

Does "SHA encryption" use SHA-0, SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512?

When I run "htpasswd -m -n -b testuser testpassword" I get:

    testuser:$apr1$4jXSc...$N0NEIs0Hxh1./JJkuMghO1

And when I run "htpasswd -s -n -b testuser testpassword" I get:

    testuser:{SHA}i7YRj4/Wk1rQh2o740pxfTJwj/0=

I know MD5 always produces a 128-bit hash, and the shortest version of SHA (SHA-1) produces a 160-bit hash, so why is the MD5 output longer than the SHA output?

The command always produces a different output, so I take it the hash is salted in some way? I did a search for "salt" in RFC 2617, but I got no matches. What size is the salt and how does it work?

If I have AuthType set to Basic, then everything is done server-side, right? So I won't have to worry if the end-user's client is compatible with my choice of hashing algorithm or not?

-Anonymous

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
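The two entries quoted in the message above can be taken apart field by field. This is an added example, not part of the original post and not Apache code; `describe` and `verify_sha` are hypothetical helper names, and the two sample lines are copied from the message. It shows that the `{SHA}` field is a bare, unsalted 160-bit SHA-1 digest in base64, while the `$apr1$` field carries a marker, a salt and a 128-bit digest, which is why it is the longer string.

```python
import base64
import hashlib
import hmac

# Alphabet used by crypt-style encodings such as $apr1$ (6 bits per character).
CRYPT64 = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")

# The two lines quoted in the message above.
SHA_ENTRY = "testuser:{SHA}i7YRj4/Wk1rQh2o740pxfTJwj/0="
APR1_ENTRY = "testuser:$apr1$4jXSc...$N0NEIs0Hxh1./JJkuMghO1"


def describe(entry):
    """Split one htpasswd line into scheme, salt and digest size in bits."""
    user, sep, field = entry.strip().partition(":")
    if not sep or not user:
        raise ValueError("expected user:hash")
    info = {"user": user, "field_len": len(field), "salt": None}
    if field.startswith("{SHA}"):
        digest = base64.b64decode(field[5:], validate=True)
        info.update(scheme="sha1", digest_bits=len(digest) * 8)
    elif field.startswith("$apr1$"):
        parts = field.split("$")  # ['', 'apr1', salt, encoded digest]
        if len(parts) != 4 or not 1 <= len(parts[2]) <= 8 or len(parts[3]) != 22:
            raise ValueError("malformed $apr1$ field")
        if not set(parts[2] + parts[3]) <= CRYPT64:
            raise ValueError("character outside the crypt alphabet")
        # 22 characters * 6 bits = 132 bits, enough for the 16-byte MD5 result.
        info.update(scheme="apr1-md5", salt=parts[2],
                    digest_bits=(len(parts[3]) * 6 // 8) * 8)
    else:
        raise ValueError("scheme not handled in this example")
    return info


def verify_sha(entry, password):
    """Check a password against a {SHA} entry: plain SHA-1, no salt involved."""
    field = entry.strip().partition(":")[2]
    if not field.startswith("{SHA}"):
        raise ValueError("not a {SHA} entry")
    stored = base64.b64decode(field[5:], validate=True)
    return hmac.compare_digest(stored, hashlib.sha1(password.encode()).digest())


if __name__ == "__main__":
    for line in (SHA_ENTRY, APR1_ENTRY):
        print(describe(line))
    print("SHA entry matches 'testpassword':", verify_sha(SHA_ENTRY, "testpassword"))
```

Because the `{SHA}` form has no salt, the same password yields the same field for every user and on every run, so `-s` output is the one that does not change between invocations.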