By entering the ID and password, the ID and hashed password will be created for putting in .htpasswd.
What is the htpasswd file?
It is used to protect files, folders, or entire websites using HTTP user authentication called BASIC authentication, and is implemented based on the rules described in the .htaccess file.
User information is written on one line per user, and each line contains a username and password separated by a colon (:). User names are saved with plain text, but passwords are saved as hashed form.
You can give the password file any name, but Apache uses .htpasswd by default, and dot files (files starting with ''.'') are usually hidden files, so it is recommended to use “.htpasswd” as the file name.
Hash algorithm
- md5 (APR) $ apr1 $ prefix
A hash function that generates a 128-bit value.
This is the default in version 2.2.18 and later, but it has not been safe enough in recent years.
Compatibility: Apache all versions, Nginx 1.0.3 or higher - crypt (), or crypt (3) without prefix
Up to Apache version 2.2.17 was the default algorithm, but it is now considered insecure because passwords are limited to 8 characters.
Compatibility: Apache, Nginx all versions - SHA-1 {SHA} prefix
A hash function that generates a 160-bit value.
Although it has been adopted by many applications and protocols, it is not safe by recent standards.
Compatibility: All Apache versions, Nginx 1.3.13 or higher - bcrypt $ 2y $ or $ 2a $ prefix
A hash function that has been considered relatively secure in recent years, using the blowfish encryption algorithm.
It takes a lot of time to calculate, which is one reason why it is safe.
The parameter sets the calculation time. (Larger numbers are more complex and safer, but are slower to generate)
*Be careful not to set a value of 10 or more, as it will be very heavy.
Compatibility: Apache 2.4 or later (requires apr-util 1.5 or higher)
