What crypto algorithm would I use to generate the passwords within a htpasswd file?
I'm running a Visual basic program and using an ftp server to FTP up client files. Im creating new directories for each client and want to add some password protection to each clients directory (for http access).
The server runs apache on linux. What I've read is that apache uses a slightly modified version of MD5, as well as the systems base "crypt" method. This page: http://httpd.apache.org/docs/current/programs/htpasswd.html#security seems to say that I can use one of several algorithms. I guess at the moment I am confused as to how it chooses with encryption to use.
The algorithm is chosen by the first sub-field of the password field. A typcial htpasswd file entry looks like this:
ralph:$1$abcd1234$Kx528z52Ohx1JLSzliZmw0
By field:
ralph is the user name
1 is the hash algorithm identifier. 1=md5, 5=sha-256, 6=sha-512
abcd1234 is the salt (not very salty here, usually generated via some pseudo-random technique)
Kx528z52Ohx1JLSzliZmw0 is the hash.
A one-line python command to create the hash using the password and salt as inputs is:
python -c "import crypt, getpass, pwd; print crypt.crypt('password', '\$1\$abcd1234\$')"
DISCLAIMER: This answer largely lifted from slm on another forum after <5 minutes of research.