Creating htpasswd compatible passwords
Marty Knapp
martyknapp at comcast.net
Fri Mar 27 23:13:08 EDT 2009
Just got back from a trade show (National Association of Corrosion
Engineers - sound exciting?!) I'll download your library and tinker with it.
Thanks Mark.
Marty Knapp
> In fact, ig (and a verify function).
>
> It's at: http://futsoft.futilism.com/revolutionstuff.html
>
>
> best,
>
> Mark
>
> On 22 Mar 2009, at 14:53, Mark Smith wrote:
>
>> If the sha1 type is acceptable, you can use either my sha1
>> implementation or the openssl command line to generate a sha1 digest
>> of the password to end up with this form:
>>
>> username:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= (simple)
>> username:{SSHA}sVp7Y6h1ZtYAvp3UbsbZlQYACaU= (salted, more secure)
>>
>> if you were going to use my sha1 (libHash-Hmac) then you could do this
>>
>> function htpasswd.sha1 pPword
>> return "{SHA}" & sha1.b64(pPword)
>> end htpasswd.sha1
>>
>> ----
>>
>> function htpasswd.sha1.salted pPword
>> put numtochar(random(255)) & numtochar(random(255)) into tSalt
>> return "{SSHA}" & sha1.b64(pPword & tSalt) & base64encode(tSalt)
>> end htpasswd.sha1.salted
>>
>>
>> In fact, I might add those to the library.
>>
>> Best,
>>
>> Mark
>>
>>
>> On 22 Mar 2009, at 00:35, Marty Knapp wrote:
>>
>>> Has anyone used Rev to create encrypted passwords that are
>>> compatible with htpasswd to protect areas of your web site? I know
>>> absolutely nothing about encryption. I've spent a few hours poking
>>> around the internet trying to find something that I can use for a
>>> utility I need to make. I found lots of web sites that will generate
>>> an encrypted password, but I don't really want to go that route.
More information about the use-livecode
mailing list