mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
96473f525d
This reverts commit eef9b2529c.
It appears that htpasswd is not salting any passwords that are
stored with the SHA (-s) algorithm. MD5 passwords however are
salted.
That leads us to the conclusion that the "MD5 algorithm" in htpasswd
is more secure than the "SHA algorithm" although the hash function
itself should be stronger.
With a rainbow table, cracking "SHA" is easily done.
A rainbow table for "MD5" + salt would be way too large to be
efficiently stored.
Hence this commit is reverted to old behaviour to avoid the clear
failure of design in SHA.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>