Hello, I posted this to users list last week but no-one bit, so I'm trying here.
With md5crypt no longer recommended for use by its author, will Apache soon support sha256/sha512 in basic authentication via MySQL. I understand the apr version is different to plain md5crypt, but it is based on the same thing from what I can tell, so its pointless upgrading our database passwords to use sha512 if Apache's still the weak link. All admin scripts run in perl, and we are currently doing this with apache_md5_crypt($password); using Crypt::PasswdMD5 For Mail and FTP, we are _now_ successfully using crypt($password, '$6$' . $16charsalt) for sha512, be nice if Apache basic auth would too! Apache currently only offers SHA1 which is about as secure (can be read as , as hopeless as) MD5. Can the project devs/team leaders indicate if there are future plans to mnprove the basic auth security methods up to SHA512? nik
