[thelist] crypt, salt, and htaccess

R.Livsey R.Livsey at cache-22.co.uk
Thu Jan 2 10:38:00 CST 2003


deke wrote:

>I'm trying to "roll my own" web interface for htaccess access control.
>
>The format for the password file is apparently
>username:PASSWORD
>where PASSWORD is actually the crypt() of the *real* password.
>
>But I can't see how to tell Apache what the *salt* is. How can Apache
>encrypt an entered password and see if it matches the stored password,
>if it doesn't know what salt was used?
>
>
The salt is encoded in the first 2 letters of the cyphertext generated
by crypt.
I.e. 'foo' crypted with a salt of Sd gives 'SdcTDnCiKeIMg'. Note the Sd at
the beginning of the cyphertext, which corresponds to the salt used.

hth

R.Livsey
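
The check described in the reply above, as an added example that is not part of the original post and is not Apache's own code: the verifier reads the salt back out of the stored hash, re-runs crypt() on the entered password, and compares. The helper names (make_entry, salt_of, same_bytes?, verify) are hypothetical, the sample entry is constructed, and it assumes the platform's crypt() still supports the traditional 2-character-salt scheme.

```ruby
require 'securerandom'

SALT_CHARS = [*'a'..'z', *'A'..'Z', *'0'..'9', '.', '/'].freeze

# Build a "username:HASH" line. The writer of the file picks the 2-character
# salt; crypt() copies it into the first 2 characters of HASH.
def make_entry(user, password, salt = nil)
  salt ||= Array.new(2) { SALT_CHARS[SecureRandom.random_number(SALT_CHARS.size)] }.join
  raise ArgumentError, 'bad salt' unless salt.match?(%r{\A[a-zA-Z0-9./]{2}\z})
  "#{user}:#{password.crypt(salt)}"
end

# The salt is not stored separately: it is the first 2 characters of the hash.
def salt_of(entry)
  _user, stored = entry.chomp.split(':', 2)
  stored && stored.length == 13 ? stored[0, 2] : nil
end

# Compare without stopping at the first differing byte.
def same_bytes?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Re-run crypt() on the candidate with the recovered salt and compare.
def verify(entry, candidate)
  salt = salt_of(entry)
  return false if salt.nil?
  stored = entry.chomp.split(':', 2)[1]
  same_bytes?(candidate.crypt(salt), stored)
end

if __FILE__ == $PROGRAM_NAME
  entry = make_entry('deke', 'foo', 'Sd') # constructed sample entry
  puts entry
  puts "salt recovered: #{salt_of(entry)}"
  puts "foo -> #{verify(entry, 'foo')}, bar -> #{verify(entry, 'bar')}"
end
```

Traditional crypt() reads only the first 8 characters of the password, so an entry made from 'password1' also verifies 'password2'.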



