reassign apache2-utils
retitle htpasswd should use a more secure password hash by default
severity wishlist
thanks

> If you create a User/Password combination with htpasswd using the default
> CRYPT encryption and a password with more than 8 chars, the Website still
> gets you access by typing in the first 8 chars or the complete password.

As you have already found out, this is a well-known and documented
property of the crypt hash. Users may use a different, more secure hash if
they want to, but the default should probably be changed, too. However, I
am not sure if it would be a good idea to deviate from upstream here. I
have asked upstream if they want to change it, let's see what they answer.
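
An added example, not part of the original message or of Apache's code: a small audit that classifies the hash scheme of each entry in an htpasswd-format file and lists the users stored with traditional crypt, the scheme the report says honors only the first 8 characters. The function names are hypothetical and the sample entries are constructed placeholders, not real hashes.

```python
import re

# Common scheme markers found in htpasswd-format files.
PREFIXES = [
    ("$apr1$", "apr1-md5"),       # Apache's MD5-based scheme
    ("$2y$", "bcrypt"),
    ("$2a$", "bcrypt"),
    ("$2b$", "bcrypt"),
    ("$5$", "sha256-crypt"),      # crypt(3) SHA-256 marker
    ("$6$", "sha512-crypt"),      # crypt(3) SHA-512 marker
    ("{SHA}", "sha1-unsalted"),
]
# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify(hash_field):
    """Name the hash scheme of one htpasswd hash field."""
    for prefix, name in PREFIXES:
        if hash_field.startswith(prefix):
            return name
    if DES_CRYPT.match(hash_field):
        return "des-crypt"
    return "unknown"

def audit(text):
    """Return (line_no, user, scheme) for every user:hash entry in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks, comments and malformed lines
        user, hash_field = line.split(":", 1)
        findings.append((line_no, user, classify(hash_field)))
    return findings

def truncating_users(text):
    """Users whose entry uses traditional crypt (first 8 chars only)."""
    return [user for _, user, scheme in audit(text) if scheme == "des-crypt"]

# Constructed sample file; every hash field is a placeholder.
SAMPLE = "\n".join([
    "# constructed sample",
    "alice:ab0123456789.",
    "bob:$apr1$constrct$" + "A" * 22,
    "carol:{SHA}" + "A" * 27 + "=",
    "dave:$2y$05$" + "C" * 53,
])

if __name__ == "__main__":
    for line_no, user, scheme in audit(SAMPLE):
        print(f"line {line_no}: {user}: {scheme}")
    print("re-hash these users:", truncating_users(SAMPLE))
```

Entries reported as `des-crypt` have to be re-created with a stronger scheme, since the existing hash cannot be converted without the user's password.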





