Htpasswd Generator

Generate hashed password to be described in .htpasswd file

Add to favorite
Hash algorithm:

What this tool can

By entering the ID and password, the ID and hashed password will be created for putting in .htpasswd.

What is the htpasswd file?

It is used to protect files, folders, or entire websites using HTTP user authentication called BASIC authentication, and is implemented based on the rules described in the .htaccess file.
User information is written on one line per user, and each line contains a username and password separated by a colon (:). User names are saved with plain text, but passwords are saved as hashed form.
You can give the password file any name, but Apache uses .htpasswd by default, and dot files (files starting with ''.'') are usually hidden files, so it is recommended to use “.htpasswd” as the file name.

Hash algorithm

  • md5 (APR) $ apr1 $ prefix
    A hash function that generates a 128-bit value.
    This is the default in version 2.2.18 and later, but it has not been safe enough in recent years.
    Compatibility: Apache all versions, Nginx 1.0.3 or higher
  • crypt (), or crypt (3) without prefix
    Up to Apache version 2.2.17 was the default algorithm, but it is now considered insecure because passwords are limited to 8 characters.
    Compatibility: Apache, Nginx all versions
  • SHA-1 {SHA} prefix
    A hash function that generates a 160-bit value.
    Although it has been adopted by many applications and protocols, it is not safe by recent standards.
    Compatibility: All Apache versions, Nginx 1.3.13 or higher
  • bcrypt $ 2y $ or $ 2a $ prefix
    A hash function that has been considered relatively secure in recent years, using the blowfish encryption algorithm.
    It takes a lot of time to calculate, which is one reason why it is safe.
    The parameter sets the calculation time. (Larger numbers are more complex and safer, but are slower to generate)
    *Be careful not to set a value of 10 or more, as it will be very heavy.
    Compatibility: Apache 2.4 or later (requires apr-util 1.5 or higher)

Useful for

  • quickly creating username and hashed password text to write to .htpasswd file when setting up basic authentication on web servers (apache, nginx)

related tools