Summary: | [PATCH] crypto: read/write support for SSHA-1 (salted SHA-1) | ||
---|---|---|---|
Product: | APR | Reporter: | Ben Noordhuis <bnoordhuis> |
Component: | APR-util | Assignee: | Apache Portable Runtime bugs mailinglist <bugs> |
Status: | NEW --- | ||
Severity: | enhancement | ||
Priority: | P2 | ||
Version: | HEAD | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: |
SSHA-1 read support.
SSHA-1 write support. |
Description
Ben Noordhuis
2009-05-06 15:23:04 UTC
Created attachment 23621 [details]
SSHA-1 read support.
Created attachment 23622 [details]
SSHA-1 write support.
(In reply to comment #0) > Why, apart from security, is this useful? I can present at least one use > case (ours): when migrating from LDAP-based authentication to .htaccess > authentication. AFAICS, SSHA-1 uses only one round of SHA-1, so it's rather insecure. I don't want to add more insecure hash algorithms to htpasswd. But I would accept the use case of moving from LDAP-based authentication to file based authentication. But for that, only the verify ("read") support would be needed. Do you agree that verify support alone would be useful? |