On Mon, Oct 09, 2017 at 10:44:11PM +0300, Maxim Dounin wrote:
> All crypt() schemes available on a particular OS are supported, and
> this is what is written in the above paragraph.

I added that note to provide disambiguation that the actual libc crypt() is
used. I was under the assumption that only some "plain old crypt()" is
actually supported (like the DES one), as the example does not refer to
the system crypt(), but refers to openssl and htpasswd. I was unaware of
the platform crypt() call until I actually looked at the source code :)

> It is not clear why to document $5$ and $6$ explicitly.

That's just an example. These two are documented in the crypt(3) manpage:
MD5-based $1$ is already documented and $2a$ is not available in
the "default" build of glibc.

> (Also, it might not be a good idea to actually use $5$ and especially
> $6$ crypt schemes for web authentication, as crypt() is needed for
> each request, and these schemes are quite CPU intensive.)

Yep, that's true, that's 5000 rounds of SHA-2 and that's ~2..3ms of CPU
time per request.

-- 
WBRBW, Leonid Evdokimov, xmpp:l...@darkk.net.ru http://darkk.net.ru 
tel:+79816800702
PGP: 6691 DE6B 4CCD C1C1 76A0  0D4A E1F2 A980 7F50 FAB2


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
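
As an added illustration (not code from nginx or from this thread), the sketch below reads password-file entries in the `user:hash[:comment]` form and reports which crypt() scheme and round count each entry implies, so entries using the CPU-intensive $5$/$6$ schemes discussed above can be spotted. The function names and sample entries are constructed; the 1000-iteration figure for $1$, the bcrypt cost encoding and the `rounds=` bounds come from those schemes' specifications, not from this page.

```python
import re

# SHA-crypt work-factor rules (default and clamping bounds) from the SHA-crypt spec.
SHA_DEFAULT_ROUNDS = 5000
SHA_MIN_ROUNDS, SHA_MAX_ROUNDS = 1000, 999_999_999
SCHEMES = {"1": "MD5-crypt", "2a": "bcrypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}
MCF = re.compile(r"^\$([^$]+)\$(.*)$")  # $id$rest (modular crypt format)

def classify(field):
    """Return (scheme_name, rounds) for one hashed-password field."""
    m = MCF.match(field)
    if not m:
        # Traditional DES crypt() output and other formats carry no $id$ prefix.
        return ("not modular crypt format", None)
    ident, rest = m.groups()
    name = SCHEMES.get(ident, "unknown $%s$" % ident)
    if ident in ("5", "6"):
        # Optional "rounds=N$" precedes the salt; out-of-range values are clamped.
        r = re.match(r"^rounds=(\d+)\$", rest)
        rounds = int(r.group(1)) if r else SHA_DEFAULT_ROUNDS
        return (name, max(SHA_MIN_ROUNDS, min(SHA_MAX_ROUNDS, rounds)))
    if ident == "2a":
        # bcrypt stores a two-digit log2 cost: $2a$10$... means 2**10 iterations.
        c = re.match(r"^(\d\d)\$", rest)
        return (name, 2 ** int(c.group(1)) if c else None)
    if ident == "1":
        return (name, 1000)  # MD5-crypt uses a fixed iteration count
    return (name, None)

def audit(text):
    """Parse user:hash[:comment] lines; return [(user, scheme, rounds)]."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        user, field = line.split(":", 2)[:2]
        out.append((user,) + classify(field))
    return out

# Constructed sample entries; salts and digests are placeholders, not real hashes.
SAMPLE = """\
alice:$6$saltsalt$DIGESTPLACEHOLDER
bob:$5$rounds=20000$saltsalt$DIGESTPLACEHOLDER
carol:$1$saltsalt$DIGESTPLACEHOLDER
dave:$2a$10$SALTANDDIGESTPLACEHOLDER
erin:abJnggxhB/yWI
"""

if __name__ == "__main__":
    for user, scheme, rounds in audit(SAMPLE):
        print(f"{user:6} {scheme:26} rounds={rounds}")
```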