On Wed, 20 Feb 2013 16:42:56 +1000 Noel Butler <[email protected]> wrote:
> On Tue, 2013-02-19 at 23:31 -0600, William A. Rowe Jr. wrote: > > > > > > > Note he mentioned SHA512, not crypt(). I don't know that this makes > > a difference on that architecture. > > > > > But isn't it just a hand off to system crypt() (modern crypt(), not > the ancient 8 char one), since httpd is limited in native options, > what it doesn't understand is passes to system crypt() to handle. Which remains my point... our current 2.4 and 2.2 candidates should suffer the same flaw.
