Htpasswd File Generator

Generate the encrypted password for .htpasswd file

Add to favorite
Hashing algorithm:

What this tool can

Htpasswd Generator tool allow you to create valid passwords for .htpasswd files.

What is .htpasswd file?

A .htpasswd file is typically used when protecting a file, folder or entire website with a password using HTTP authentication and implemented using rules within a .htaccess file. User credentials are stored on separate lines, with each line containing a username and password separated by a colon (:). Usernames are stored in plain text, however passwords are stored in an encrypted hashed format. This encryption is usually MD5, although in Linux it can be based on the crypt() function. Although it is possible to name the password file whatever you want, this is strongly not advised as Apache is preconfigured to use .htpasswd by default, and dot files (files that begin with “.”) are generally hidden files.

Hashing algorithms

  • md5 (APR) $apr1$ prefix
    Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random salt and the password. This is the default (since Apache version 2.2.18).
    Compatibility : all Apache versions, Nginx 1.0.3+.

  • crypt(), also known as crypt(3) no prefix
    It used to be the default algorithm until Apache version 2.2.17. It limits the password length to 8 characters. Considered insecure.
    Compatibility : all Apache and Nginx versions, Unix only. Plain ASCII characters only.

  • sha-1 {SHA} prefix
    Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif). This algorithm is insecure by today's standards.
    Compatibility : all Apache versions, Nginx 1.3.13+.

  • bcrypt $2y$ or $2a$ prefix
    This algorithm is currently considered to be very secure. Bcrypt hashes are very slow to compute (which is one one the reasons why they are secure). The cost parameter sets the computing time used (higher is more secure but slower, default: 5, valid: 4 to 31).
    Warning : think carefully before you try values above 10, this thing is really slow. You could freeze your computer.
    Compatibility : Apache since version 2.4 (needs apr-util 1.5+)

Useful for

  • Generate passwords that have been encrypted by different algorithms for the .htpasswd file.
    For using generated .htpasswd file, put the following code in .htaccess :
    AuthType Basic 
    AuthName "Password Protected Area"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
    And you need to change “/path/to/.htpasswd” with the full path to your .htpasswd

related tools