Creating htpasswd compatible passwords

Marty Knapp martyknapp at comcast.net
Fri Mar 27 23:13:08 EDT 2009


Just got back from a trade show (National Association of Corrosion 
Engineers - sound exciting?!) I'll download your library and tinker with it.

Thanks Mark.


Marty Knapp
> In fact, ig (and a verify function).
>
> It's at: http://futsoft.futilism.com/revolutionstuff.html
>
>
> best,
>
> Mark
>
> On 22 Mar 2009, at 14:53, Mark Smith wrote:
>
>> If the sha1 type is acceptable, you can use either my sha1 
>> implementation or the openssl command line to generate a sha1 digest 
>> of the password to end up with this form:
>>
>> username:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= (simple)
>> username:{SSHA}sVp7Y6h1ZtYAvp3UbsbZlQYACaU= (salted, more secure)
>>
>> if you were going to use my sha1 (libHash-Hmac) then you could do this
>>
>> function htpasswd.sha1 pPword
>>    return "{SHA}" & sha1.b64(pPword)
>> end htpasswd.sha1
>>
>> ----
>>
>> function htpasswd.sha1.salted pPword
>>    put numtochar(random(255)) & numtochar(random(255)) into tSalt
>>    return "{SSHA}" & sha1.b64(pPword & tSalt) & base64encode(tSalt)
>> end htpasswd.sha1.salted
>>
>>
>> In fact, I might add those to the library.
>>
>> Best,
>>
>> Mark
>>
>>
>> On 22 Mar 2009, at 00:35, Marty Knapp wrote:
>>
>>> Has anyone used Rev to create encrypted passwords that are 
>>> compatible with htpasswd to protect areas of your web site? I know 
>>> absolutely nothing about encryption. I've spent a few hours poking 
>>> around the internet trying to find something that I can use for a 
>>> utility I need to make. I found lots of web sites that will generate 
>>> an encrypted password, but I don't really want to go that route. 




More information about the use-livecode mailing list