Re: Authentication Basic default format

2009-10-23 Thread Stefan Fritsch
On Wednesday 21 October 2009, José Miguel Holguín Aparicio wrote:
> I have a question about htpasswd when creating password hashes for
> Basic Authentication. Why isn't there any warning message
> regarding password truncation to 8 characters?
>
> As you can see in your own documentation
> (http://httpd.apache.org/docs/2.2/misc/password_encryptions.html),
> OpenSSL is already warning us about this issue.
>
> In my opinion, the htpasswd command must show a warning message like
> OpenSSL does. Do you agree?

Yes. Committed to trunk as r829162.

Cheers,
Stefan


Authentication Basic default format

2009-10-21 Thread José Miguel Holguín Aparicio
Hi,

I have a question about htpasswd when creating password hashes for
Basic Authentication. Why isn't there any warning message regarding
password truncation to 8 characters?

As you can see in your own documentation
(http://httpd.apache.org/docs/2.2/misc/password_encryptions.html),
OpenSSL is already warning us about this issue.

In my opinion, the htpasswd command must show a warning message like
OpenSSL does. Do you agree?

Thanks in advance.
Regards

-- 
José Miguel Holguín
Security Technical Consultant
Carnegie Mellon Certified (FIH)

http://www.pentester.es
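
An added example, not part of the thread or of the httpd code base: an audit that lists which entries in an existing htpasswd file are stored in the CRYPT format, the one affected by the 8-character truncation discussed above. The function names and the sample file are assumptions made for illustration, and the CRYPT match is a shape-based heuristic.

```python
import re

# crypt(3) DES output: 2 salt chars + 11 hash chars, alphabet [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def classify(hash_field):
    """Name the storage format of one htpasswd hash field."""
    if hash_field.startswith("$apr1$"):
        return "MD5"
    if hash_field.startswith("{SHA}"):
        return "SHA1"
    if hash_field.startswith("$2y$"):
        return "bcrypt"
    # Heuristic: a 13-character plaintext entry from this alphabet looks the same.
    if DES_CRYPT.fullmatch(hash_field):
        return "CRYPT"
    return "unknown"

def find_truncating_entries(text):
    """Return (line_no, user) for every entry stored in CRYPT format."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        if classify(hash_field) == "CRYPT":
            findings.append((line_no, user))
    return findings

# Constructed sample file: the hash values only have the right shape, they
# are not real digests of any password.
SAMPLE = """\
# constructed example
alice:$apr1$AAAAAAAA$BBBBBBBBBBBBBBBBBBBBBB
bob:abCDEFGHIJK./
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=

dave:zz0123456789a
"""

if __name__ == "__main__":
    for line_no, user in find_truncating_entries(SAMPLE):
        print(f"line {line_no}: {user} uses CRYPT; only the first 8 "
              "password characters are checked")
```

Entries it reports are candidates for re-issuing in another format once the user next sets a password.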