Hello,

Joshua Slive <joshua@xxxxxxxx> wrote:
> The password formats are described in detail here:
> http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

Thanks, that explains a lot. But why are Crypt and MD5 hashes salted, and SHA is not?

Joshua Slive <joshua@xxxxxxxx> wrote:
> crypt was the long-time standard, and therefore used by
> default on all unix platforms to allow backward compatibility.

Crypt seems like a bad choice since it only uses the first 8 characters of the password. I'd prefer not to use it. I won't have any problems if I use MD5 or SHA on a modern GNU/Debian or Ubuntu server, will I?

I know SHA-1 is more secure than MD5, but is the unsalted SHA password considered more secure than the salted MD5? I want to use the most secure option, and I don't care about backward compatibility.

Is this correct: If AuthType is set to Basic, then the password is sent in plain text, and no support for Crypt/MD5/SHA in the browser is needed, it's only needed on the server?

Joshua Slive <joshua@xxxxxxxx> wrote:
> Why anonymous? Are you up to no good?

It's just a habit, I try not to leave personal information all over the net.

Thanks for your reply, it was very helpful.

-Anonymous

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.