
I have an apache web server running on Debian Linux and I secure a certain directory with htaccess. I have no history or knowledge how the .htpasswd file was created. Apache documentation says that crypt() encryption was used to encrypt passwords until version 2.2.17 and MD5 encryption is used since 2.2.18. How may I distinguish which encryption my .htpasswd file uses?

Jeff Schaller
alaf

1 Answer


I have no history or knowledge how the .htpasswd file was created.

You're probably looking for the htpasswd command. Read the man page for more details:

man htpasswd

How may I distinguish which encryption my .htpasswd file uses?

Why do you need to know that? I don't think it's important to know that if you just want to edit the file.

I'm asking because I had the impression that both of them are vulnerable.

The htpasswd command on my machine can use four different password formats:

# MD5 (default)
martin@martin ~ % htpasswd -m -b -n user pass
user:$apr1$uFKIg3No$ItOJ5p6EEbALwPDYcPDd0.
# crypt
martin@martin ~ % htpasswd -d -b -n user pass
user:qMYdeiUkbhR/o
# SHA
martin@martin ~ % htpasswd -s -b -n user pass
user:{SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=
# Plain
martin@martin ~ % htpasswd -p -b -n user pass
user:pass

That should help you figure out which format you're using.

I am wondering though what you're concerned about... whether the hashes are vulnerable is only of concern if an attacker is able to gain access to the .htpasswd file, which should be very unlikely in a sane configuration. The .htpasswd file should be stored outside of the served directory, for example somewhere in /etc, where the web server can access it, but will not serve it.

What should concern you much more is the fact that HTTP Basic Auth transmits passwords in cleartext, which is definitely unsafe if you're not using HTTPS. So if you're concerned about security, consider switching to HTTP Digest Auth.

Martin von Wittich
  • I meant that I wasn't the one that gave the command so I don't know if the parameter was -d for crypt() or -m for MD5. I'm asking because I had the impression that both of them are vulnerable. – alaf Sep 26 '13 at 20:17
  • @alaf The MD5 method is a mediocre way to store passwords: it is salted and iterated, but the iteration is fixed at a value that is too low. The other methods listed here are abysmally bad for human-chosen passwords: they aren't even salted. See [How to securely hash passwords?](http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords) for explanations. Note that this is a concern for the security of the passwords, not the security of the server. If the passwords are random and assigned by the administrator, then any hashing method is fine. – Gilles 'SO- stop being evil' Sep 26 '13 at 22:38
    These days you can use salted bcrypt (-B) with a configurable computation time cost (-C), which is much more secure against brute force attacks on the hash. – seren Apr 21 '17 at 23:48
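An added example (my own Python, not code from the answer or from Apache) that applies the prefix rules shown in the answer plus the bcrypt point from the last comment: it classifies each .htpasswd entry, attaches the verdict the thread gives each scheme, and rebuilds the {SHA} field to show why an unsalted hash lets identical passwords be spotted across users. The sample file and the bcrypt-shaped placeholder line are constructed.

```python
import base64
import hashlib
import re

# Constructed sample: the answer's four "pass" entries plus one bcrypt-shaped line.
SAMPLE_HTPASSWD = "\n".join([
    "md5user:$apr1$uFKIg3No$ItOJ5p6EEbALwPDYcPDd0.",
    "cryptuser:qMYdeiUkbhR/o",
    "shauser:{SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=",
    "plainuser:pass",
    "bcryptuser:$2y$05$" + "X" * 53,  # placeholder in "htpasswd -B" shape, not a real hash
])

# Verdict per scheme, following the thread: only bcrypt has a tunable cost.
VERDICT = {
    "apr1-md5": "weak: salted, but iteration count fixed at 1000",
    "bcrypt": "ok: salted, cost tunable with -C",
    "crypt": "bad: 12-bit salt, password truncated to 8 bytes",
    "sha1": "bad: unsalted single SHA-1",
    "plain": "bad: cleartext (httpd accepts it only on Windows/Netware)",
}


def classify(hash_field):
    # Name the scheme of one password field from its prefix or shape.
    if hash_field.startswith("$apr1$"):
        return "apr1-md5"
    if re.match(r"\$2[aby]\$\d\d\$", hash_field):
        return "bcrypt"
    if hash_field.startswith("{SHA}"):
        return "sha1"
    # DES crypt: 13 chars of the crypt alphabet (2-char salt + 11). A 13-char
    # cleartext password from that alphabet is indistinguishable from it.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hash_field):
        return "crypt"
    return "plain"


def sha1_field(password):
    # {SHA} is unsalted: equal passwords always yield equal fields.
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()


def audit(htpasswd_text):
    # Return (user, scheme, verdict) for every non-comment, non-empty line.
    findings = []
    for line in htpasswd_text.splitlines():
        if line.strip() and not line.startswith("#"):
            user, _, hash_field = line.partition(":")
            scheme = classify(hash_field)
            findings.append((user, scheme, VERDICT[scheme]))
    return findings
```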