TWiki Password Encryption

Jeremy Huntwork jhuntwork at
Mon Jul 19 06:18:33 PDT 2004


The TWiki code contains built-in methods for using SHA1 digest
passwords, but the default is to do so only if the server running TWiki
is Windows. Currently the passwords are only encrypted using the crypt()
method.  Seeing that Apache .htpasswd files also support SHA1, it
shouldn't be too difficult to adjust the TWiki code to use that by
default and raise the bar of security a bit.

Any thoughts?

Jeremy Huntwork

More information about the website mailing list