Re: htpasswd questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

Joshua Slive <joshua@xxxxxxxx> wrote:
> The password formats are described in detail here:
> http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

Thanks, that explains a lot. But why are Crypt and MD5 hashes 
salted, and SHA is not?

Joshua Slive <joshua@xxxxxxxx> wrote:
> crytp was the long-time standard, and therefore used by
> default on all unix platforms to allow backward compatibility.

Crypt seems like a bad choice since it only uses the first 8 
characters of the password. I'd prefer not to use it. I won't have 
any problems if I use MD5 or SHA on a modern GNU/Debian or Ubuntu 
server, will I?

I know SHA-1 is more secure than MD5, but is the unsalted SHA 
password considered more secure than the salted MD5? I want to use 
the most secure option, and I don't care about backward 
compatibility.

Is this correct: If AuthType is set to Basic, then the password is 
sent in plain text, and no support for Crypt/MD5/SHA in the browser 
is needed, it's only needed on the server?

Joshua Slive <joshua@xxxxxxxx> wrote:
> Why anonymous? Are you up to no good?

It's just a habbit, I try not to leave personal information all 
over the net. Thanks for your reply, it was very helpful.

-Anonymous



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux