When I want to use authentication for the wepages access, I use Hiawatha v10.5 (yes, I should upgrade).
My passwords for protection on directories I generate passwords with wigwam -b .... These are stored in .htpassword files.
And I believe Hiawatha is secure, so my .htpassword is not retrievable by default.
But suppose I made a wrong configuration, and the file was downloaded in some way, can this file be decrypted with brute force effort in a small time frame?
Looking in your sourcefiles https://github.com/hsleisink/hiawatha/blob/master/src/wigwam.c
I notice MD5 references.
For basic, crypt is being used with MD5 hashing
For digest, mbedtls_md5 is being used.
Reading the FAQ at https://crackstation.net/hashing-security.htm#faq
, I could be doubting about security because of the MD5 mentioning in your code.
So could this be a security issue? (I presume not, but asking is better
Thanks in advance,