[plug] Apache & htpasswd
Christian
christian at amnet.net.au
Mon May 21 12:17:51 WST 2001
On Mon, May 21, 2001 at 12:09:59PM +0800, Brian Tombleson wrote:
> Re Christian: sorry about the confusion between hashing and encryption, I'm
> the first to admit I am not fluent in the underlying theories and the
> semnatics. It's really just the implementation that I'm concerned about at
> this stage.
I wasn't actually just being pedantic for the sake of it. :) If the
passwords were encrypted then we could just ask someone for the key.
Since they are stored as the output from a one-way hash function, this
isn't possible. In theory at least one-way hash functions tend to be,
well, one-way. Your only hope of reversing them would be mounting a
brute force dictionary attack which would likely be successful against a
good percentage of them but would take some time against 1400 passwords
and you would never get 100%.
> Thanks for your help Simon and Christian, I'll wait to hear from the
> idio^H^H^H^H original hosters to see what we can do and then probably write
> the scripts as recommended.
Good luck. :)
--
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066 7267 8BED E9D6 0EC1 D28C
More information about the plug
mailing list