Bug 62149 - Passwords hashed with SHA-512 are not cached
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authn_socache
Version: 2.4.6
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2018-03-01 15:20 UTC by thorsten.meinl
Modified: 2018-03-01 15:20 UTC

Description thorsten.meinl 2018-03-01 15:20:04 UTC
Passwords hashed with SHA-512 are more than 100 bytes long, including the crypt header and salt, e.g.

$6$3OGMZTLTfPf8nUS$sh4NpsJ4BnL8P6dBVlpWDhZYNJX0xPJ8VsELF1VuTLENykLJ7SvDEWRneAednI2FdCyejCq5gIyfEAFJvXCdI0

This leads to problems when using mod_authn_socache in combination with socache_shmcb (and probably also others) because MAX_VAL_LEN, which is the maximum amount of data when an entry is retrieved from the cache, is too small. Increasing it from 100 to 128 solved the problem.

I consider this a major problem because it renders some of our services unusable when the passwords are stored in an SQL database.
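
Added example (not part of the report and not httpd source): a C check that parses the hash quoted above, measures it against the old and new MAX_VAL_LEN, and generalizes to the longest possible SHA-512 crypt string. `lookup_hits` is a hypothetical model of the lookup (value plus NUL terminator must fit in the buffer); the 16-character salt limit, 86-character digest and `rounds=999999999` maximum come from the SHA-512 crypt format, not from this page.

```c
#include <stdio.h>
#include <string.h>
#define OLD_MAX_VAL_LEN 100   /* value named in the report */
#define NEW_MAX_VAL_LEN 128   /* value the reporter raised it to */

/* Hash string quoted in the report, split only for line length. */
static const char REPORTED_HASH[] =
    "$6$3OGMZTLTfPf8nUS$sh4NpsJ4BnL8P6dBVlpWDhZYNJX0xPJ8VsELF1Vu"
    "TLENykLJ7SvDEWRneAednI2FdCyejCq5gIyfEAFJvXCdI0";

/* Salt length of "$6$[rounds=N$]salt$digest", or -1 if the string is not
 * structurally valid (salt <= 16, digest == 86; character set not checked). */
static int sha512_crypt_salt_len(const char *h)
{
    const char *p, *sep;
    if (strncmp(h, "$6$", 3) != 0)
        return -1;
    p = h + 3;
    if (strncmp(p, "rounds=", 7) == 0) {
        if ((p = strchr(p, '$')) == NULL)
            return -1;
        p++;                              /* skip past "rounds=N$" */
    }
    if ((sep = strchr(p, '$')) == NULL || sep - p > 16 || strlen(sep + 1) != 86)
        return -1;
    return (int)(sep - p);
}

/* Longest SHA-512 crypt string: maximum rounds field and 16-char salt. */
static size_t sha512_crypt_max_len(void)
{
    return strlen("$6$rounds=999999999$") + 16 + strlen("$") + 86;
}

/* Hypothetical model of the lookup: the value and its NUL terminator must
 * fit in max_val_len bytes, otherwise the entry counts as a miss. */
static int lookup_hits(const char *stored, size_t max_val_len)
{
    return strlen(stored) + 1 <= max_val_len;
}

int main(void)
{
    printf("len=%zu salt=%d worst=%zu hit@100=%d hit@128=%d\n",
           strlen(REPORTED_HASH), sha512_crypt_salt_len(REPORTED_HASH),
           sha512_crypt_max_len(), lookup_hits(REPORTED_HASH, OLD_MAX_VAL_LEN),
           lookup_hits(REPORTED_HASH, NEW_MAX_VAL_LEN));
    return 0;
}
```

Under this model the reported 105-character hash misses at 100 and hits at 128, and the 123-character worst case still fits in 128.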