What kind of algorithm does .htpasswd uses?

Question

I am trying to generate this kind of hashes programmatically:

axF3s9cdEnsNP

But I can't identify what kind of hash it is. The hash comes from a .htpasswd file.

All the online htpasswd generators I tried generates different type of hashes.

Eduardo Ivanec · Accepted Answer · 2011-05-12T19:30:04.380

10

It's CRYPT encryption - an old default. You should probably use MD5 or SHA instead - see man htpasswd for more information.

How are you trying to generate your passwords? You could run htpasswd -n -b username password, but most languages probably have a library function for that already.

Perl example:

perl -e 'print crypt("passwordgoeshere","salt") . "\n"'

The second parameter is the salt. As Gerard points out it's better to use a random string as salt.

edited May 12 '11 at 19:30

answered May 12 '11 at 18:51

Eduardo Ivanec

14,531
1
35
42

1

This is *REALLY* insecure. Part of your unencrypted password will show up in the returned digest (in this case it's the "pa" in "papAq5PwY/QQM"). You should use random characters instead: http://dev.perl.org/perl6/rfc/208.html – Gerald Combs May 12 '11 at 19:28

What kind of algorithm does .htpasswd uses?

1 Answers1