Why? 2.2 and 2.4 (and 1.3) all support MD5/SHA1/(local implementation of)crypt except win32 which had no crypt.
The only advantage to MD5 (SHA1) is that pw's are never 8 chars truncated, and they don't depend on the local crypt implementation, so they don't vary between boxes. Jim Jagielski wrote: > Wouldn't this be Bad Majo for anyone upgrading from 2.2 to 2.4? > > On Oct 19, 2009, at 4:53 PM, s...@apache.org wrote: > >> Author: sf >> Date: Mon Oct 19 20:53:04 2009 >> New Revision: 826805 >> >> URL: http://svn.apache.org/viewvc?rev=826805&view=rev >> Log: >> Change the default algorithm for htpasswd to MD5 on all platforms. Crypt >> with its 8 character limit is not useful anymore. >> > > >
