About encrypting algorithms.
Visitor authentication depends on the HTTP server software and it's operating system. |
None
(Plain Text) |
The Apache httpd daemon will only accept plain text passwords on Windows, BEOS, & Netware. |
| Crypt |
DES-based algorithm. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password. Note that only the first 8 characters of the password are used to form the password with this algorithm. If the supplied password is longer, the extra characters will be silently discarded. |
| MD5 |
"$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. The MD5 algorithm used by htpasswd is specific to the Apache software; passwords encrypted using it will not be usable with other Web servers. |
| SHA |
"{SHA}" + Base64-encoded SHA-1 digest of the password. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif). |
| Some more information about apache password formats can be found here. |
An example of the contents of the .htaccess file are below. The first line must contain the full server path to the .htpasswd file. Place this php file in your directory and point to it in your browser to find your server path.
Crypt, MD5 and SHA encrypted passwords can also be created using htpasswd command in a terminal on Mac OS X and Linux (with the apache2-utils). Typing htpasswd will show the options:
We want to use the flags -nb and either d for CRYPT, m for MD5 or s for SHA. Examples are in the table and the screenshot below.
| Crypt |
$ htpasswd -nbd username password |
| MD5 |
$ htpasswd -nbm username password |
| SHA |
$ htpasswd -nbs username password |
Mac OS X
Ubuntu Linux
On Mac OS X and Linux, the flags -nbp do not encrypt the password and just leave it as plain text. It is kind of pointless but gives a funny message!
