Apache-specific md5 javascript impelementation for .htpsswrd
Question
I'm trying to save a username and password combo in a .htpsswrd file. Before I would send the username/password to the server to be saved by a php script, I would like to hash the password in MD5, so the plain password will not travel over http... I have found a script, which will generate me an MD5 hash in javascript, but it is not accepted by the apache server as a valid password. Here is what I'm always getting:
password: a
hash: 0cc175b9c0f1b6a831c399e269772661
What it should look like:
password: a
hash: $apr1$OcckEo.t$ohO2NxaQZm/YAcWfFZSLi.
This site: http://aspirine.org/htpasswd_en.html tells me, that the hash is made up from: Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random salt and the password. This is the default (since Apache version 2.2.18).
All I would need, to have a function, that will hash me any string, and return the properly hashed reply. And this is where I'm stuck! Anyone? :)
1 answers
solution1
1 2016-03-18 18:24:39
Well two points:
1- This Library might help with what you are trying to do.
2-My recommendation is to postpone the md5 to the server side script along with the salt. On the client side base64 encode the pass along with your own string operations if you wish (and make sure not to name the input name to password). I always liked this method simply because it will be a pain in the ass for whoever that is trying to sniff around plus I can handle the passwords as I like server side with any further operations.
Good luck my friend
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.