I've been doing some research, and eventually figured it out.
Over SSH, assume I run the following command several times to generate an htpasswd entry:
htpasswd -nb etiennerached mypassword
etiennerached:p0FEPJ99fga.w
htpasswd -nb etiennerached mypassword
etiennerached:AkKLGrnC3dxJg
htpasswd -nb etiennerached mypassword
etiennerached:VXCzxLkPSPiqk
htpasswd -nb etiennerached mypassword
etiennerached:OsujIRvCzizNQ
htpasswd -nb etiennerached mypassword
etiennerached:JGGCmdumwTELE
htpasswd -nb etiennerached mypassword
etiennerached:afahDzXYADiBQ
htpasswd -nb etiennerached mypassword
etiennerached:nWTvxNMyIABbI
Notice how the encrypted password changes every time. This is because the salt value is randomly generated, then encrypted together with the original password.
encrypted password = random 2-character salt value + mypassword
The salt is always the first 2 characters of the encrypted password. For example, in the first example above, the randomly generated salt is: p0
I will write a small example in PHP that uses the first 3 examples above.
<?php
echo crypt('mypassword','p0');
echo '<br />';
echo crypt('mypassword','Ak');
echo '<br />';
echo crypt('mypassword','VX');
?>
No matter how many times you run the above PHP example, the output will always be the same:
p0FEPJ99fga.w
AkKLGrnC3dxJg
VXCzxLkPSPiqk
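How a login is checked against such an entry, as an added example that is not code from the original post: read the salt from the first 2 characters of the stored value, run crypt() again with it, and compare the results. The helper name `verify_entry` is hypothetical; the three entries are the first three outputs shown above.

```php
<?php
// Added example: verify a password against htpasswd lines in the
// 13-character crypt format shown above.
$htpasswd = <<<EOT
etiennerached:p0FEPJ99fga.w
etiennerached:AkKLGrnC3dxJg
etiennerached:VXCzxLkPSPiqk
EOT;

// Hypothetical helper (not part of htpasswd or PHP): check one "user:hash" line.
function verify_entry(string $line, string $user, string $password): bool
{
    $parts = explode(':', trim($line), 2);
    if (count($parts) !== 2 || $parts[0] !== $user) {
        return false;
    }
    $stored = $parts[1];
    if (strlen($stored) !== 13) {
        return false; // not the 2-character-salt crypt format covered here
    }
    $salt = substr($stored, 0, 2);           // the salt is stored in the clear
    $candidate = crypt($password, $salt);    // recompute with the same salt
    return hash_equals($stored, $candidate); // constant-time comparison
}

// Each entry has a different salt, yet the same password verifies against all.
foreach (explode("\n", $htpasswd) as $line) {
    printf(
        "%s  correct password: %s  wrong password: %s\n",
        trim($line),
        var_export(verify_entry($line, 'etiennerached', 'mypassword'), true),
        var_export(verify_entry($line, 'etiennerached', 'notmypassword'), true)
    );
}

// Traditional crypt reads only the first 8 characters of the password, so the
// 10-character "mypassword" and its 8-character prefix are hashed identically.
var_dump(crypt('mypasswo', 'p0') === crypt('mypassword', 'p0'));
```

Because of that 8-character limit and the small 2-character salt, new entries are better created with `htpasswd -B`, which uses bcrypt.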