Re: [PATCH v2 2/3] t/lib-httpd: stop using legacy crypt(3) for authentication

On Wed, Nov 08, 2023 at 03:57:23PM +0100, Patrick Steinhardt wrote:

> Regenerate the passwd files to instead use the default password
> encryption schema, which is md5. While it feels kind of funny that an
> MD5-based encryption schema should be more secure than anything else, it
> is the current default and supported by all platforms. Furthermore, it
> really doesn't matter all that much given that these files are only used
> for testing purposes anyway.

Thanks for doing this. I died inside a little while adding the
proxy-passwd one recently in 29ae2c9e74 (add basic http proxy tests,
2023-02-16). There I mused about moving to bcrypt in a separate patch,
which I think is probably the least-bad option from a security
perspective. But I agree that md5 is more likely to be available
everywhere, and we certainly don't care about security here.

-Peff



