.htpasswd Password Generator

This page is for generating text to insert into a .htpasswd file which is used with a .htaccess file in order to password protect an area of a website. An example of a password protected page / folder can be seen here. Username is USER and password is password. Note, they are case sensitive! Output is generated as you type so you dont have to press the 'Encrypt Password' button, but it's there for fun anyway! Try pressing it again and again to see the many random encrypted passwords created (with crypt and MD5 anyway!)

Copy and paste the line below into your .htpasswd file:

About encrypting algorithms.
Visitor authentication depends on the HTTP server software and it's operating system.
(Plain Text)
The Apache httpd daemon will only accept plain text passwords on Windows, BEOS, & Netware.
Crypt DES-based algorithm. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password. Note that only the first 8 characters of the password are used to form the password with this algorithm. If the supplied password is longer, the extra characters will be silently discarded.

"$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. The MD5 algorithm used by htpasswd is specific to the Apache software; passwords encrypted using it will not be usable with other Web servers.

SHA "{SHA}" + Base64-encoded SHA-1 digest of the password. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif).
Some more information about apache password formats can be found here.

An example of the contents of the .htaccess file are below. The first line must contain the full server path to the .htpasswd file. Place this php file in your directory and point to it in your browser to find your server path.

Crypt, MD5 and SHA encrypted passwords can also be created using htpasswd command in a terminal on Mac OS X and Linux (with the apache2-utils). Typing htpasswd will show the options:

htpasswd MAC OSX

We want to use the flags -nb and either d for CRYPT, m for MD5 or s for SHA. Examples are in the table and the screenshot below.

Crypt $ htpasswd -nbd username password
MD5 $ htpasswd -nbm username password
SHA $ htpasswd -nbs username password

Mac OS X
htpasswd MAC OSX

Ubuntu Linux
htpasswd Ubuntu Linux

On Mac OS X and Linux, the flags -nbp do not encrypt the password and just leave it as plain text. It is kind of pointless but gives a funny message!
htpassword Mac OSX plain text