Ever wondered how does the encryption work in the htpasswd file? How is it generated and encrypted.<\/p>\n
I’ve been doing some researches, and eventually figured it out.<\/p>\n
When using SSH, assuming I run the following command several times to generate an htpasswd as follows:<\/p>\n
<\/p>\n
Notice how the encrypted password is changing everytime, this is because the salt value is randomly generated, then encrypted with the original password.
encrypted password = random 2 characters salt value + mypassword<\/b><\/p>\n
The salt is always the first 2 characters of the encrypted password. For example, in the first example above, the randomly generated salt is: p0<\/b><\/p>\n
I will write a small example using php, that will use the first 3 examples above.<\/p>\n
No matter how many times you run the above php example, the output will always be the same:<\/p>\n
Ever wondered how does the encryption work in the htpasswd file? How is it generated and encrypted. I’ve been doing some researches, and eventually figured it out. When using SSH, assuming I run the following command several times to generate an htpasswd as follows: htpasswd -nb etiennerached mypassword etiennerached:p0FEPJ99fga.w htpasswd -nb etiennerached mypassword etiennerached:AkKLGrnC3dxJg htpasswd […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[40,85,6,28,7],"tags":[],"class_list":["post-87","post","type-post","status-publish","format-standard","hentry","category-htaccess","category-htpasswd","category-linux","category-security","category-ssh"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/87","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/comments?post=87"}],"version-history":[{"count":0,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/87\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/media?parent=87"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/categories?post=87"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/tags?post=87"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}