Re: password encryption

You need to understand how the htaccess file and its passwords are created. Using mcrypt will likely lead to problems. htaccess passwords are encrypted with the DES algorithm.

[quote http://www.edevcafe.com/viewdoc.php?eid=97]
If you wanted to write a CGI script to help you add/delete users from the .htpasswd file, then you need to know something about the format of this file. Each line of the .htpasswd file contains one username/password combination that looks something like this:



Username:w8G2g305KxNd2




Note that the first 2 characters of the encrypted password represent the SALT used by the 2-char DES encryption algorithm that produced the encrypted string you see above. The command "crypt('password', 'w8')" in PHP4 will produce "w8G2g305KxNd2". Since DES encryption is a one-way encryption algorithm, this provides us with a way to encrypt the suspect password so it can be compared to the known password.


[/quote]

There is no need to use decrypt, since that is not how the htaccess authorization works (unless you write a custom page to check the values, and since you can encrypt before checking, decrypt is not used).


hth

bastien


From: php_user <php@xxxxxxxxxxxx>
To: Han <han@xxxxxxxxxxxxx>, php-db@xxxxxxxxxxxxx
Subject: Re:  password encryption
Date: Fri, 19 Nov 2004 07:21:53 -0500

Han,

You can try installing mcrypt, it gives you encryption/decryption capabilities in PHP. It's fairly easy to install if you're running a Windows system; I think you have to recompile PHP if you're on a Linux system, and I have never been able to successfully do that. You might look into it though, I don't quite understand why it can't be included with the default PHP installation, or be made easier to install.

http://us2.php.net/mcrypt

-JD

Han wrote:

Hello,

I'm having a real problem and wondering if anyone can help.

I need to set up htaccess and htpasswd files to authenticate users on my system.
I need to do it with PHP, but can't find a way of encrypting the password so it works.


I've used an online encrypter for testing the system, and I've got the .htaccess and .htpasswd files correct, but I need to programmatically encrypt the password in my script then write it to the 2 files.

Han.


-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
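
The salt-and-compare check described in the thread, as an added example that is not code from any of the posters. The function names and sample credentials are constructed, and it assumes an Apache version whose basic authentication accepts bcrypt ($2y$) entries as well as legacy DES ones.

```php
<?php
// Added example: function names and sample credentials are constructed.

// Build one "user:hash" line using the $2y$ bcrypt hash from password_hash().
// Assumption: the target Apache accepts bcrypt entries in .htpasswd.
function htpasswd_line(string $user, string $password): string
{
    // ':' separates the fields and a newline ends the record; reject both.
    if ($user === '' || preg_match('/[:\r\n]/', $user)) {
        throw new InvalidArgumentException('invalid username');
    }
    return $user . ':' . password_hash($password, PASSWORD_BCRYPT);
}

// Re-hash the candidate password with the stored salt and compare the results.
function htpasswd_verify(string $line, string $user, string $password): bool
{
    $parts = explode(':', rtrim($line, "\r\n"), 2);
    if (count($parts) !== 2 || $parts[0] !== $user) {
        return false;
    }
    $stored = $parts[1];
    // crypt() reads scheme and salt from the stored hash itself:
    // the first 2 characters for DES, the "$2y$..." prefix for bcrypt.
    $computed = crypt($password, $stored);
    // crypt() returns a short failure marker for salts it cannot use;
    // hash_equals() compares in constant time.
    return strlen($computed) >= 13 && hash_equals($stored, $computed);
}

// Constructed sample entries for a hypothetical user "alice".
$legacy = 'alice:' . crypt('constructed-pass', 'w8');  // 2-char-salt DES entry
$modern = htpasswd_line('alice', 'constructed-pass');  // bcrypt entry

// DES crypt reads only the first 8 characters of the password, so the second
// call differs from the first only in characters DES never sees.
var_dump(htpasswd_verify($legacy, 'alice', 'constructed-pass'));
var_dump(htpasswd_verify($legacy, 'alice', 'construcXXXX'));
var_dump(htpasswd_verify($modern, 'alice', 'construcXXXX'));
```

To store a new entry, append the line plus a newline to the .htpasswd file with file_put_contents() using FILE_APPEND | LOCK_EX, and keep that file outside the web root.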

