Creating htpasswd compatible passwords

Mark Smith lists at futilism.com
Sun Mar 22 10:53:07 EDT 2009


If the sha1 type is acceptable, you can use either my sha1  
implementation or the openssl command line to generate a sha1 digest  
of the password to end up with this form:

username:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= (simple)
username:{SSHA}sVp7Y6h1ZtYAvp3UbsbZlQYACaU= (salted, more secure)

if you were going to use my sha1 (libHash-Hmac) then you could do this

function htpasswd.sha1 pPword
    return "{SHA}" & sha1.b64(pPword)
end htpasswd.sha1

----

function htpasswd.sha1.salted pPword
    put numtochar(random(255)) & numtochar(random(255)) into tSalt
    return "{SSHA}" & sha1.b64(pPword & tSalt) & base64encode(tSalt)
end htpasswd.sha1.salted


In fact, I might add those to the library.

Best,

Mark


On 22 Mar 2009, at 00:35, Marty Knapp wrote:

> Has anyone used Rev to create encrypted passwords that are  
> compatible with htpasswd to protect areas of your web site? I know  
> absolutely nothing about encryption. I've spent a few hours poking  
> around the internet trying to find something that I can use for a  
> utility I need to make. I found lots of web sites that will  
> generate an encrypted password, but I don't really want to go that  
> route.
>
> Thanks for any help,
> Marty Knapp
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your  
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution




More information about the use-livecode mailing list