Re: htpasswd questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/25/07, anon6565@xxxxxxxxxxxx <anon6565@xxxxxxxxxxxx> wrote:
> Hello,
>
> Joshua Slive <joshua@xxxxxxxx> wrote:
> > The password formats are described in detail here:
> > http://httpd.apache.org/docs/2.2/misc/password_encryptions.html
>
> Thanks, that explains a lot. But why are Crypt and MD5 hashes
> salted, and SHA is not?

I don't know the answer to that one. Cryptography is not my thing. But
I suspect that sha is hard to reverse even without the sale.

> Crypt seems like a bad choice since it only uses the first 8
> characters of the password. I'd prefer not to use it. I won't have
> any problems if I use MD5 or SHA on a modern GNU/Debian or Ubuntu
> server, will I?

Nope. Shouldn't be any problem at all.

> Is this correct: If AuthType is set to Basic, then the password is
> sent in plain text, and no support for Crypt/MD5/SHA in the browser
> is needed, it's only needed on the server?

It's base64 encoded, rather than plain text. But the effect is the
same. So yes, the client doesn't need any of these functions for basic
auth.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux