Thread: 26 messages, 2 authors, 2023-11-10

Re: [PATCH v2 2/3] t/lib-httpd: stop using legacy crypt(3) for authentication

From: Jeff King <hidden>
Date: 2023-11-08 17:02:07

On Wed, Nov 08, 2023 at 03:57:23PM +0100, Patrick Steinhardt wrote:
> Regenerate the passwd files to instead use the default password
> encryption schema, which is md5. While it feels kind of funny that an
> MD5-based encryption schema should be more secure than anything else, it
> is the current default and supported by all platforms. Furthermore, it
> really doesn't matter all that much given that these files are only used
> for testing purposes anyway.

Thanks for doing this. I died inside a little while adding the
proxy-passwd one recently in 29ae2c9e74 (add basic http proxy tests,
2023-02-16). There I mused about moving to bcrypt in a separate patch,
which I think is probably the least-bad option from a security
perspective. But I agree that md5 is more likely to be available
everywhere, and we certainly don't care about security here.

-Peff
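
An added example, not part of the thread or of Git's test suite: a small auditor that reports which scheme each htpasswd entry uses, so that entries still in the legacy crypt(3) format discussed above can be found before regenerating a file. The function names and the sample entries are assumptions made for illustration; the hash fields are constructed placeholders with the right shape, not real digests.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt-style encodings
# Entry formats Apache documents for htpasswd files, most specific first.
SCHEMES = [
    ("bcrypt", re.compile(rf"\$2[aby]\$\d{{2}}\${B64}{{53}}")),
    ("apr1-md5", re.compile(rf"\$apr1\${B64}{{1,8}}\${B64}{{22}}")),
    ("sha1", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")),
    # Legacy crypt(3): 2-character salt followed by 11 characters.
    # A 13-character plain-text value in this alphabet would also match.
    ("crypt", re.compile(rf"{B64}{{13}}")),
]

def classify(hash_field):
    """Return the scheme name for one hash field, or "unknown"."""
    for name, pattern in SCHEMES:
        if pattern.fullmatch(hash_field):
            return name
    return "unknown"

def audit(passwd_text):
    """Map each user in an htpasswd-style text to its entry's scheme."""
    result = {}
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line:
            continue
        user, sep, hash_field = line.partition(":")
        result[user] = classify(hash_field) if sep else "unknown"
    return result

def legacy_users(passwd_text, legacy=("crypt",)):
    """Users whose entries use a scheme listed in `legacy`."""
    return sorted(u for u, s in audit(passwd_text).items() if s in legacy)

# Constructed sample input (placeholder hash fields, not real digests).
SAMPLE = "\n".join([
    "alice:abJnggxhB/yJc",
    "bob:$apr1$Zx9sQ1aB$0123456789abcdefghijkl",
    "carol:$2y$05$" + "A" * 53,
    "dave:{SHA}" + "A" * 27 + "=",
    "erin:not-a-known-format",
])

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE).items():
        print(f"{user}: {scheme}")
    print("legacy:", legacy_users(SAMPLE))
```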