You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Stefan Fritsch <sf...@sfritsch.de> on 2009/07/30 10:52:01 UTC

Changing the default algorithm in htpasswd

Hi,

given that crypt() hashes can nowadays be brute-forced on commodity
hardware (especially since the password length is limited to 8
characters), wouldn't it make sense for htpasswd to use something stronger
by default?

Cheers,
Stefan