* William A. Rowe, Jr. wrote: > David Jones wrote: > > md5 hash files aren't currently portable between EBCDIC and ASCII > > machines, (sha is, and the initial work to make md5 portable is there). > > > > md5 hash files created using htpasswd -cm are not portable, i.e. you > > can not create them on an EBCDIC platform, move them to an ASCII > > platform and get them to work successfully. > > This is true for both apr-util 1.2.8 and earlier versions. > > > > There does not appear to be any installed EBCDIC base that would > > require a compatability option to generate the current hash. > > (These changes do not affect the hash created on ASCII in anyway) > > First, this would break existing md5 hashes on EBCDIC machines, right?
I guess so. > Second, sha hashes are much more robust now for p/w type usages. > > I'd respectfully suggest that md5 hashes have never really been portable, > they are expressly disallowed by fips-140 policies, and really should > just be neglected into non-existence. Thoughts? Ew. Don't confuse MD5 crypt with MD5 hashes. For password usage MD5 crypt is *much* better than simple SHA1 hashes. nd -- die (eval q-qq:Just Another Perl Hacker :-) # André Malo, <http://www.perlig.de/> #
