André Malo wrote: > > Ew. Don't confuse MD5 crypt with MD5 hashes. For password usage MD5 crypt is > *much* better than simple SHA1 hashes.
I'm not; I'm saying they are the same number of bits, so likely equally decomposable? But my first argument remains; if we break the expected behavior, we instantly render all previous generated hashes irreconcilable. So it really seems like an apr-1.3 change, if that, and httpd-2.4/3.0 if that was what the poster was getting at. Bill
