httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bo Berglund <bo.bergl...@gmail.com>
Subject [users@httpd] Does Apache htpasswd using md5 match the PHP md5 function result?
Date Thu, 02 May 2013 17:50:31 GMT
I am trying to understand the use of MD5 as passwords for Apache,
previously I have always used CRYPT:ed passwords in my .htpasswd file.
Because Apache on Windows does not allow CRYPT:ed passwords (see
earlier thread) I am investigating the MD5 possibility.
The problem I have is that I need to let my code generate the hashes
written to the .htpasswd file in such a way that Apache will be OK
with them.
When reading the PHP documentation I find that the output of the md5()
function is a 32 byte hex string.
But the hash generated by the Apache htpasswd command on Windows
produces hashes like this:
$apr1$44sXxXbW$ZUtMUVZGDp1wSR6dEFguq0

As you can see this is clearly NOT a hex string at all!!!

So is it possible with PHP to generate the .htpasswd file in a format
that comlies with what Apache needs?

And can PHP check if a password hash matches the user supplied
password after it has been hashed using MD5?


-- 
Bo Berglund
Developer in Sweden


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message