DES encryption support in Apache htpasswd

Created:

2016-11-16 13:00:12 UTC

Modified:

2017-04-24 12:00:43 UTC

0

Was this article helpful?


Have more questions?

Submit a request

DES encryption support in Apache htpasswd

Applicable to:

  • Plesk for Linux

Symptoms

DES encryption is not working.

Cause

DES encryption is not supported by Apache.

Password encryption formats generated and understood by Apache

There are five formats that Apache recognizes for basic-authentication passwords. Note that not all formats work on every platform:

  • bcrypt
    "$2y$" + the result of the crypt_blowfish algorithm. See the APR source file cryp_blowfish.c for the details of the algorithm.

  • MD5
    "$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm.

  • SHA1
    "{SHA}" + Base64-encoded SHA-1 digest of the password. Insecure.

  • CRYPT
    Unix only. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password. Insecure.

  • PLAIN TEXT (i.e. unencrypted)
    Windows & Netware only. Insecure.

Resolution

Use htpasswd from apache2-utils package to generate valid and supported passwords

Have more questions? Submit a request
Please sign in to leave a comment.