Quote:
Originally Posted by k0nr4d
It has not been abandoned, and there are no security issues with it other then that it doesn't natively offer any protection against bruteforce. If you are using Apache 2.4, then the algo you want to use to generate the passwords is bcrypt. None of the algos are INSECURE in practice. Google cracked SHA1 but a single phrase would apparently take a single GPU 110 years to crack so in practice no one is really gonna get through it. The only really insecure hash is unsalted MD5 because it can be reversed using rainbow tables.
|
Thank-you. I really appreciate all this information. It will save me a lot of time.
