On Tue, Sep 10, 2002 at 12:08:42AM -0700, Aaron Bannert wrote: > On Mon, Sep 09, 2002 at 11:36:11PM -0700, Justin Erenkrantz wrote: > > But, I still think producing unobfuscated md5 hashes is a useful > > option, so I'll leave this commit in. -- justin > > I'm totally out of my league here, but is this different than say > md5sum? (It still might make sense to keep it, or at least invent > our own md5sum, since apache is probably more portable than md5sum.)
Well, what we do with the -m option to htpasswd is produce a 'special' md5 value prefixed by '$apr_1$' (or something like that). Our apr_password_validate looks for the special string and calls APR's md5 routines if it sees it (bypassing crypt() I think). This option to htpasswd skips that whole logic and produces a true md5 hash. Yeah, a program in apr-util/test that was md5sum would be really nice and prolly really easy to write. =) -- justin