I'd like to suggest changing the default crypt scheme of the htpasswd module to something more secure then md5.
Also the documentation regarding crypt schemes looks outdated to me, bcrypt seems to work with apache now.
I was quite suprised that the htpasswd module still uses md5 hashes as default.
The current documentation also suggests that only "apr_md5_crypt, des_crypt, ldap_sha1, plaintext" work "with Apache or Nginx".
That does seem outdated to me, since checkmk uses bcrypt and apache.
Summary
I'd like to suggest changing the default crypt scheme of the htpasswd module to something more secure then md5. Also the documentation regarding crypt schemes looks outdated to me, bcrypt seems to work with apache now.
Issue Type
Feature Idea
Component Name
htpasswd
Additional Information
My reason for this issue is a change by checkmk that deprecates the use of md5 hashes: https://checkmk.com/de/werk/14391
I was quite suprised that the htpasswd module still uses md5 hashes as default.
The current documentation also suggests that only "apr_md5_crypt, des_crypt, ldap_sha1, plaintext" work "with Apache or Nginx". That does seem outdated to me, since checkmk uses bcrypt and apache.
Here is the code that I now use and works fine:
Code of Conduct