Bug #73
closedhttpassword, textdrive and blowfish
Description
trying to get htpasswd basic auth going on TextDrive webhost, who uses blowfish for crypt(), which borks lighttpd's checking of the passwords. not sure if that means lighttpd has to be updated or not, but posting here all the same. here's my original forum thread for the issue at TxD:
http://textdrive.com/forum/viewtopic.php?id=2723
-- scott.maclure
Files
Updated by Anonymous about 18 years ago
I'm having the same problem. My FreeBSD server is configured to used Blowfish encryption for password... So the Crypt function generates blf passwords.
-- crousseau
Updated by Anonymous about 18 years ago
Same problem here, however I'm using md5 for crypt() .
-- tribunal
Updated by Anonymous about 18 years ago
Looking threw src/http_auth.c , it looks like crypt is only using a 2 character salt. For md5 at least to work in crypt , we need at least a 12 character salt. For blowfish it is 16 characters.
-- tribunal
Updated by Anonymous about 18 years ago
Attached is patch which makes md5 for crypt work , however standard des stops working afterwards.
There is probally some better way of doing this?? However this patch works for me.
-- tribunal
Updated by Anonymous about 18 years ago
Jan,
Algorithm Salt
CRYPT_STD_DES 2-character (Default)
CRYPT_EXT_DES 9-character
CRYPT_MD5 12-character beginning with $1$
CRYPT_BLOWFISH 16-character beginning with $2$
-- tribunal
Updated by Anonymous about 18 years ago
Jan,
Algorithm | Salt | |||
CRYPT_STD_DES | 2-character (Default) | |||
CRYPT_EXT_DES | 9-character | |||
CRYPT_MD5 | 12-character beginning with $1$ | |||
CRYPT_BLOWFISH | 16-character beginning with $2$ |
-- tribunal
Updated by jan about 18 years ago
- Status changed from New to Fixed
- Resolution set to fixed
fixed in r710
Also available in: Atom