sf at sfritsch
Oct 20, 2009, 9:43 AM
Post #3 of 5
(436 views)
Permalink
|
|
Re: svn commit: r826805 - in /httpd/httpd/trunk: CHANGES docs/manual/programs/htpasswd.xml support/htpasswd.c
[In reply to]
|
|
On Tuesday 20 October 2009, William A. Rowe, Jr. wrote:
> >> Change the default algorithm for htpasswd to MD5 on all
> >> platforms. Crypt with its 8 character limit is not useful
> >> anymore.
> >
> >
> > I think it is odd that an interface change like this would
> > be made without discussion on list. What will it break for
> > existing configs? And if we are going to change the default,
> > then we might as well change it to something other than MD5,
> > or at least use extended crypt when available.
>
> Precisely; at least SHA1 is both portable, and slightly more
> resilient than MD5.
>
I sent a mail [1] to the list in July and nobody responded. Therefore
I assumed that nobody has a strong opinion about this. I am sorry if
this was a mistake.
WRT existing configs, this is not a change I would lightly recommend
for backport to 2.2.x, but for 2.4.x it should be ok. Windows users
had md5 as default for ages, and httpd supports it at least since 2.0.
The SHA1 algorithm in htpasswd does not use seeding and is therefore
vulnerable to dictionary and rainbow table attacks. MD5 is the most
secure algorithm that is currently supported.
I am in favour of adding more secure algorithms (bcrypt?), but those
could not be used as default immediately.
[2] has an (outdated) table with brute force speeds, where apache's
MD5 is one of the slowest algorithms. I would be interested in how
fast modern, GPU using password crackers are for the apache MD5
algorithm. But I haven't found any information about this.
Cheers,
Stefan
[1] http://mail-archives.apache.org/mod_mbox/httpd-
dev/200907.mbox/<38988.194.224.98.149.1248943921.squirrel [at] www>
[2] http://c3rb3r.openwall.net/mdcrack/
|
