diff --git a/STATUS b/STATUS index 6d4e7dfbbd..bb9a751d02 100644 --- a/STATUS +++ b/STATUS @@ -110,12 +110,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: +1: rjung, jorton, jim rjung: sf: you applied it to trunk, care to vote? - * htpasswd: Note more prominently that SHA and crypt are insecure. - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352910 - 2.4.x patch: trunk patch works - +1: rjung, humbedooh, jim - rjung: sf: you applied it to trunk, care to vote? - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/docs/manual/programs/htpasswd.xml b/docs/manual/programs/htpasswd.xml index f08caf37c7..b254e141d4 100644 --- a/docs/manual/programs/htpasswd.xml +++ b/docs/manual/programs/htpasswd.xml @@ -108,11 +108,13 @@ distribution.
-d
crypt()
encryption for passwords. This is not
supported by the -s
-p
htpasswd
will support
@@ -200,6 +202,9 @@ distribution.
there is only one encrypted representation. The crypt()
and
MD5 formats permute the representation by prepending a random salt string,
to make dictionary attacks against the passwords more difficult.
+
+ The SHA and crypt()
formats are insecure by today's
+ standards.
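Review bot: the sentence added at the end of the last htpasswd.xml hunk ("The SHA and crypt() formats are insecure by today's standards.") gives neither a reason nor an alternative. It also follows directly after context that credits crypt() with a random salt that makes dictionary attacks more difficult, so the paragraph now makes two statements about crypt() that pull in opposite directions. Suggest saying in the same paragraph what makes each of the two formats insecure despite the salting described just above. Since the context names MD5 alongside crypt() and the new sentence leaves it out, also state explicitly which format readers should choose instead.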