[thelist] crypt, salt, and htaccess

Dean Mah dmah at members.evolt.org
Thu Jan 2 10:49:00 CST 2003

On Thu, Jan 02, 2003 at 11:18:10AM -0500, deke  wrote:
> I'm trying to "roll my own" web interface for htaccess access control.
> The format for the password file is apparently
> username:PASSWORD
> where PASSWORD is actually the crypt() of the *real* password.
> But I can't see how to tell Apache what the *salt* is. How can Apache
> encrypt an entered password and see if it matches the stored password,
> if it doesn't know what salt was used?

The salt is the first two characters of the encrypted password.  If it
is a new password, you just randomly choose the salt.


More information about the thelist mailing list