What kind of algorithm does .htpasswd uses?
8,440
It's CRYPT encryption - an old default. You should probably use MD5 or SHA instead - see man htpasswd
for more information.
How are you trying to generate your passwords? You could run htpasswd -n -b username password
, but most languages probably have a library function for that already.
Perl example:
perl -e 'print crypt("passwordgoeshere","salt") . "\n"'
The second parameter is the salt. As Gerard points out it's better to use a random string as salt.
Author by
trevhas
Updated on September 18, 2022Comments
-
trevhas over 1 year
I am trying to generate this kind of hashes programmatically:
axF3s9cdEnsNP
But I can't identify what kind of hash it is. The hash comes from a .htpasswd file.
All the online htpasswd generators I tried generates different type of hashes.
-
Denys about 13 yearsThis is REALLY insecure. Part of your unencrypted password will show up in the returned digest (in this case it's the "pa" in "papAq5PwY/QQM"). You should use random characters instead: dev.perl.org/perl6/rfc/208.html