[thelist] crypt, salt, and htaccess

R.Livsey R.Livsey at cache-22.co.uk
Thu Jan 2 10:38:00 CST 2003

deke wrote:

>I'm trying to "roll my own" web interface for htaccess access control.
>The format for the password file is apparently
>where PASSWORD is actually the crypt() of the *real* password.
>But I can't see how to tell Apache what the *salt* is. How can Apache
>encrypt an entered password and see if it matches the stored password,
>if it doesn't know what salt was used?
The salt is encoded in the first 2 letters of the cyphertext generated
by crypt.
IE 'foo' crypted with a salt of Sd gives 'SdcTDnCiKeIMg'. note the Sd at
the begining of the cyphertext which corresponds to the salt used.



More information about the thelist mailing list