You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2020/12/17 12:48:30 UTC
svn commit: r1884553 [3/3] - in /httpd/httpd/trunk/docs/manual:
mod/directives.html.en.utf8 mod/mod_ssl.html.en.utf8
mod/quickreference.html.en.utf8 programs/dbmmanage.html.en.utf8
programs/htdbm.html.en.utf8 programs/htpasswd.html.en.utf8
Modified: httpd/httpd/trunk/docs/manual/programs/dbmmanage.html.en.utf8
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/programs/dbmmanage.html.en.utf8?rev=1884553&r1=1884552&r2=1884553&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/programs/dbmmanage.html.en.utf8 [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/programs/dbmmanage.html.en.utf8 [utf-8] Thu Dec 17 12:48:30 2020
@@ -76,7 +76,7 @@
may not contain a colon (<code>:</code>).</dd>
<dt><code><var>encpasswd</var></code></dt>
- <dd>This is the already encrypted password to use for the
+ <dd>This is the already hashed password to use for the
<code>update</code> and <code>add</code> commands. You may use a hyphen
(<code>-</code>) if you want to get prompted for the password, but fill
in the fields afterwards. Additionally when using the <code>update</code>
@@ -99,13 +99,13 @@
<h3><a name="options.encodings" id="options.encodings">Encodings</a></h3>
<dl>
<dt><code>-d</code></dt>
- <dd>crypt encryption (default, except on Win32, Netware)</dd>
+ <dd>crypt hashing (default, except on Win32, Netware)</dd>
<dt><code>-m</code></dt>
- <dd>MD5 encryption (default on Win32, Netware)</dd>
+ <dd>MD5 hashing (default on Win32, Netware)</dd>
<dt><code>-s</code></dt>
- <dd>SHA1 encryption</dd>
+ <dd>SHA1 hashing</dd>
<dt><code>-p</code></dt>
<dd>plaintext (<em>not recommended</em>)</dd>
@@ -116,7 +116,7 @@
<dl>
<dt><code>add</code></dt>
<dd>Adds an entry for <var>username</var> to <var>filename</var> using the
- encrypted password <var>encpasswd</var>.
+ hashed password <var>encpasswd</var>.
<div class="example"><p><code>dbmmanage passwords.dat add rbowen foKntnEF3KSXA</code></p></div>
</dd>
Modified: httpd/httpd/trunk/docs/manual/programs/htdbm.html.en.utf8
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/programs/htdbm.html.en.utf8?rev=1884553&r1=1884552&r2=1884553&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/programs/htdbm.html.en.utf8 [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/programs/htdbm.html.en.utf8 [utf-8] Thu Dec 17 12:48:30 2020
@@ -155,27 +155,27 @@
cannot be combined with the <code>-c</code> option.</dd>
<dt><code>-m</code></dt>
- <dd>Use MD5 encryption for passwords. On Windows and Netware, this is
+ <dd>Use MD5 hashing for passwords. On Windows and Netware, this is
the default.</dd>
<dt><code>-B</code></dt>
- <dd>Use bcrypt encryption for passwords. This is currently considered to
+ <dd>Use bcrypt hashing for passwords. This is currently considered to
be very secure.</dd>
<dt><code>-C</code></dt>
<dd>This flag is only allowed in combination with <code>-B</code> (bcrypt
- encryption). It sets the computing time used for the bcrypt algorithm
+ hashing). It sets the computing time used for the bcrypt algorithm
(higher is more secure but slower, default: 5, valid: 4 to 31).</dd>
<dt><code>-d</code></dt>
- <dd>Use <code>crypt()</code> encryption for passwords. The default on all
+ <dd>Use <code>crypt()</code> hashing for passwords. The default on all
platforms but Windows and Netware. Though possibly supported by
<code>htdbm</code> on all platforms, it is not supported by the
<code class="program"><a href="../programs/httpd.html">httpd</a></code> server on Windows and Netware.
This algorithm is <strong>insecure</strong> by today's standards.</dd>
<dt><code>-s</code></dt>
- <dd>Use SHA encryption for passwords. Facilitates migration from/to Netscape
+ <dd>Use SHA hashing for passwords. Facilitates migration from/to Netscape
servers using the LDAP Directory Interchange Format (ldif).
This algorithm is <strong>insecure</strong> by today's standards.</dd>
@@ -215,7 +215,7 @@
does exist, the password is changed.</dd>
<dt><code><var>password</var></code></dt>
- <dd>The plaintext password to be encrypted and stored in the DBM file.
+ <dd>The plaintext password to be hashed and stored in the DBM file.
Used only with the <code>-b</code> flag.</dd>
<dt><code>-T<var>DBTYPE</var></code></dt>
@@ -261,7 +261,7 @@
<p>Adds or modifies the password for user <code>jsmith</code>. The user
is prompted for the password. If executed on a Windows system, the password
- will be encrypted using the modified Apache MD5 algorithm; otherwise, the
+ will be hashed using the modified Apache MD5 algorithm; otherwise, the
system's <code>crypt()</code> routine will be used. If the file does not
exist, <code>htdbm</code> will do nothing except return an error.</p>
@@ -302,14 +302,14 @@
not be fetchable with a browser.</p>
<p>The use of the <code>-b</code> option is discouraged, since when it is
- used the unencrypted password appears on the command line.</p>
+ used the plaintext password appears on the command line.</p>
<p>When using the <code>crypt()</code> algorithm, note that only the first
8 characters of the password are used to form the password. If the supplied
password is longer, the extra characters will be silently discarded.</p>
- <p>The SHA encryption format does not use salting: for a given password,
- there is only one encrypted representation. The <code>crypt()</code> and
+ <p>The SHA hashing option does not use salting: for a given password,
+ there is only one hashed representation. The <code>crypt()</code> and
MD5 formats permute the representation by prepending a random salt string,
to make dictionary attacks against the passwords more difficult.</p>
@@ -318,13 +318,13 @@
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="restrictions" id="restrictions">Restrictions</a> <a title="Permanent link" href="#restrictions" class="permalink">¶</a></h2>
- <p>On the Windows platform, passwords encrypted with
+ <p>On the Windows platform, passwords hashed with
<code>htdbm</code> are limited to no more than <code>255</code>
characters in length. Longer passwords will be truncated to 255
characters.</p>
<p>The MD5 algorithm used by <code>htdbm</code> is specific to the Apache
- software; passwords encrypted using it will not be usable with other Web
+ software; passwords hashed using it will not be usable with other Web
servers.</p>
<p>Usernames are limited to <code>255</code> bytes and may not include the
Modified: httpd/httpd/trunk/docs/manual/programs/htpasswd.html.en.utf8
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/programs/htpasswd.html.en.utf8?rev=1884553&r1=1884552&r2=1884553&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/programs/htpasswd.html.en.utf8 [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/programs/htpasswd.html.en.utf8 [utf-8] Thu Dec 17 12:48:30 2020
@@ -38,18 +38,18 @@
<p>Resources available from the Apache HTTP server can be restricted to
just the users listed in the files created by <code>htpasswd</code>. This
program can only manage usernames and passwords stored in a flat-file. It
- can encrypt and display password information for use in other types of data
+ can hash and display password information for use in other types of data
stores, though. To use a DBM database see <code class="program"><a href="../programs/dbmmanage.html">dbmmanage</a></code> or
<code class="program"><a href="../programs/htdbm.html">htdbm</a></code>.</p>
- <p><code>htpasswd</code> encrypts passwords using either bcrypt, a
+ <p><code>htpasswd</code> hashes passwords using either bcrypt, a
version of MD5 modified for Apache, SHA-1, or the system's
<code>crypt()</code> routine. SHA-2-based hashes (SHA-256 and
SHA-512) are supported for <code>crypt()</code>. Files managed by
<code>htpasswd</code> may contain a mixture of different encoding
types of passwords; some user records may have bcrypt or
- MD5-encrypted passwords while others in the same file may have
- passwords encrypted with <code>crypt()</code>.</p>
+ MD5-hashed passwords while others in the same file may have
+ passwords hashed with <code>crypt()</code>.</p>
<p>This manual page only lists the command line arguments. For details of
the directives necessary to configure user authentication in
@@ -147,7 +147,7 @@ distribution.</li><li><a href="#comments
one) is omitted. It cannot be combined with the <code>-c</code> option.</dd>
<dt><code>-m</code></dt>
- <dd>Use MD5 encryption for passwords. This is the default (since version
+ <dd>Use MD5 hashing for passwords. This is the default (since version
2.2.18).</dd>
<dt><code>-2</code></dt>
@@ -159,12 +159,12 @@ distribution.</li><li><a href="#comments
supported on most Unix platforms.</dd>
<dt><code>-B</code></dt>
- <dd>Use bcrypt encryption for passwords. This is currently considered to
+ <dd>Use bcrypt hashing for passwords. This is currently considered to
be very secure.</dd>
<dt><code>-C</code></dt>
<dd>This flag is only allowed in combination with <code>-B</code> (bcrypt
- encryption). It sets the computing time used for the bcrypt algorithm
+ hashing). It sets the computing time used for the bcrypt algorithm
(higher is more secure but slower, default: 5, valid: 4 to 17).</dd>
<dt><code>-r</code></dt>
@@ -174,14 +174,14 @@ distribution.</li><li><a href="#comments
5,000).</dd>
<dt><code>-d</code></dt>
- <dd>Use <code>crypt()</code> encryption for passwords. This is not
+ <dd>Use <code>crypt()</code> hashing for passwords. This is not
supported by the <code class="program"><a href="../programs/httpd.html">httpd</a></code> server on Windows and
Netware. This algorithm limits the password length to 8 characters.
This algorithm is <strong>insecure</strong> by today's standards.
It used to be the default algorithm until version 2.2.17.</dd>
<dt><code>-s</code></dt>
- <dd>Use SHA-1 (160-bit) encryption for passwords. Facilitates migration
+ <dd>Use SHA-1 (160-bit) hashing for passwords. Facilitates migration
from/to Netscape servers using the LDAP Directory Interchange
Format (ldif). This algorithm is <strong>insecure</strong> by
today's standards.</dd>
@@ -211,7 +211,7 @@ distribution.</li><li><a href="#comments
does exist, the password is changed.</dd>
<dt><code><var>password</var></code></dt>
- <dd>The plaintext password to be encrypted and stored in the file. Only
+ <dd>The plaintext password to be hashed and stored in the file. Only
used with the <code>-b</code> flag.</dd>
</dl>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -236,7 +236,7 @@ distribution.</li><li><a href="#comments
</code></p></div>
<p>Adds or modifies the password for user <code>jsmith</code>. The user
- is prompted for the password. The password will be encrypted using the
+ is prompted for the password. The password will be hashed using the
modified Apache MD5 algorithm. If the file does not exist,
<code>htpasswd</code> will do nothing except return an error.</p>
@@ -267,14 +267,14 @@ distribution.</li><li><a href="#comments
setuid.</p>
<p>The use of the <code>-b</code> option is discouraged, since when it is
- used the unencrypted password appears on the command line.</p>
+ used the plaintext password appears on the command line.</p>
<p>When using the <code>crypt()</code> algorithm, note that only the first
8 characters of the password are used to form the password. If the supplied
password is longer, the extra characters will be silently discarded.</p>
- <p>The SHA-1 encryption format does not use salting: for a given
- password, there is only one encrypted representation. The
+ <p>The SHA-1 hashing format does not use salting: for a given
+ password, there is only one hashed representation. The
<code>crypt()</code> and MD5 formats permute the representation by
prepending a random salt string, to make dictionary attacks
against the passwords more difficult.</p>
@@ -289,13 +289,13 @@ distribution.</li><li><a href="#comments
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="restrictions" id="restrictions">Restrictions</a> <a title="Permanent link" href="#restrictions" class="permalink">¶</a></h2>
- <p>On the Windows platform, passwords encrypted with
+ <p>On the Windows platform, passwords hashed with
<code>htpasswd</code> are limited to no more than <code>255</code>
characters in length. Longer passwords will be truncated to 255
characters.</p>
<p>The MD5 algorithm used by <code>htpasswd</code> is specific to the Apache
- software; passwords encrypted using it will not be usable with other Web
+ software; passwords hashed using it will not be usable with other Web
servers.</p>
<p>Usernames are limited to <code>255</code> bytes and may not include the