Hi Martin,

On Tuesday 04 March 2008, Martin Steigerwald wrote:
> htpasswd does weak password salt generation.

The problem is not very severe. Unless an attacker wants to crack a significant number of passwords that were created in the same second (and therefore got the same salt), this weakness is not going to help him. And even the only 20-25 bits of salt effectively used by htpasswd make precomputing rainbow tables for all salt values infeasible.

There was also some discussion on bugtraq about this:
http://www.securityfocus.com/archive/1/488123/30/30/threaded

I agree that this should be fixed in testing/unstable, but I don't think an update for etch is necessary.

Cheers,
Stefan
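
A defender's check for the condition discussed in this message (entries that ended up with the same salt), as an added example that is not part of the original e-mail or of Apache's code. It groups the entries of an htpasswd file by scheme and salt; the sample entries and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample file; the hash bodies are filler, not real digests.
SAMPLE = """\
alice:$apr1$Qx3.....$AAAAAAAAAAAAAAAAAAAAA.
bob:$apr1$Qx3.....$BBBBBBBBBBBBBBBBBBBBB.
carol:$apr1$k9Zt2/..$CCCCCCCCCCCCCCCCCCCCC.
dave:ab0123456789A
erin:abZYXWVUTSRQP
frank:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
"""

APR1 = re.compile(r"^\$apr1\$([^$]{1,8})\$")   # $apr1$<salt>$<hash>
CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")     # traditional crypt(): 2-char salt + 11

def salt_of(field):
    """Return (scheme, salt) for a password field; salt is None if absent."""
    m = APR1.match(field)
    if m:
        return "apr1", m.group(1)
    if field.startswith("{SHA}"):
        return "sha1", None                    # {SHA} entries carry no salt at all
    if CRYPT.match(field):
        return "crypt", field[:2]
    return "unknown", None

def audit(text):
    """Return (salts shared by more than one user, users with unsalted hashes)."""
    groups, unsalted = defaultdict(list), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":", 1)
        scheme, salt = salt_of(field)
        if salt is not None:
            groups[(scheme, salt)].append(user)
        elif scheme == "sha1":
            unsalted.append(user)
    # crypt() has only 4096 salt values, so chance repeats are expected in
    # large files; a repeated apr1 salt in a small file is the stronger signal.
    shared = {k: v for k, v in groups.items() if len(v) > 1}
    return shared, unsalted

if __name__ == "__main__":
    shared, unsalted = audit(SAMPLE)
    for (scheme, salt), users in sorted(shared.items()):
        print(f"{scheme} salt {salt!r} shared by: {', '.join(users)}")
    print("unsalted:", ", ".join(unsalted) or "none")
```

Entries that share a salt can be regenerated with a fixed htpasswd to give each a fresh one.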

