On Wed, 26 May 2004, Stas Bekman wrote: > [EMAIL PROTECTED] wrote:
> > Also it will show you how to generate the data for yourself. > > Unfortunately at the moment I have no time to figure it out. Though it worries > me that I couldn't get non-apr md5/sha1 generators' output pass > password_validate. This one, at least, is easy to explain. We use a non-standard prefix in the encrypted password to tell APR what type of password it is. That way, the one function can decrypt _any_ format it understands without having to be re-built. If you look at the passwords htpasswd generated, the prefix for all md5 passwords is the same, same for sha1 (although it is different from the md5 prefix). This is the same model that *BSD uses IIRC. Ryan
