tags:

views:

27

answers:

1
Q: 

htpasswd - Different output, same username and password

Hello.

I was wondering why even for the same username and the same password, httpasswd outputs a new hash everytime? I tried finding an answer to this question, but couldn't.

+2  A: 

The passwords generated by "htpasswd" use a random salt, to make it harder to guess. It also means that pre-crypted dictionaries for attacks have to be much larger since they have to crypt every possible password with every possible salt.

htpasswd uses crypt(3) behind the scenes.

Paul Tomblin  2010-05-18 11:49:25
Thanks. I was not aware of the random salt.
sukhbir  2010-05-18 12:29:27
`passwd`, the Unix password changing utility does the same thing. (Although these days, many of them do MD5 passwords instead of crypt, so there isn't a salt.)
Paul Tomblin  2010-05-18 13:16:48

related questions

Apache asks the password for each subdomain with htpasswd.
htaccess and htpasswd?
htaccess and htpassword
Setup mecurial to only work with users already authenticated with my server?
htaccess conditionals
.htaccess is interfering with nested .htaccess/.htpasswd?
.htaccess and .htpasswd to prevent access to folder problem
Htaccess... first force www than ask for login
how to generate a hash like apache's htpasswd using java
Can I unprotect a single script via .htaccess using CodeIgniter?
htaccess vs password protected directories
NGINX : Allow users to password protect directories themselves?
Domain specific htpasswd conditions
How to ignore some directory in htpasswd ?
nginx and auth_basic
how can I find the pro Path for the .htpasswd file
HTTP authentication using htaccess/htpasswd ...dialogue box comes up twice...
How to logout when using .htaccess (and .htpasswd) authentication?
Is protecting a website directory with a .htaccess file secure?
Cakephp Password Protection with htaccess and htpasswd - howto?
PHP and htpasswd
How to use htpasswd file in Tomcat 6
Can I copy/paste htpasswd files to my new server?
Programmaticly building htpasswd.