As of 2012-6-7, the MD5-Crypt algorithm is “no longer considered safe” by it’s author, who urges migration to newer hash algorithms.
This hash is a variation of md5_crypt, primarily used by the Apache webserver in htpasswd files. It contains only minor changes to the MD5-Crypt algorithm, and should be considered just as weak as MD5-Crypt itself.
This class implements the Apr-MD5-Crypt password hash, and follows the Password Hash Interface.
It supports a variable-length salt.
This format and algorithm of Apache’s MD5-Crypt is identical to the original MD5-Crypt, except for two changes:
See md5_crypt for the format & algorithm descriptions, as well as security notes.
|||Apache’s description of Apr-MD5-Crypt - http://httpd.apache.org/docs/2.2/misc/password_encryptions.html|