
On Apache's docs site:

http://httpd.apache.org/docs/2.2/misc/password_encryptions.html#digest

They say that the hash of the password used for Digest Authentication created with the htdigest utility:

$ htdigest -c ./.htdigest "A Realm" user
Adding password for user in realm A Realm.
New password:
Re-type new password:
$ cat ./.htdigest
user:A Realm:879af2190fce9012039001fecbb23412

879af2190fce9012039001fecbb23412 = md5(user:A Realm:password). However, if I type:

$ echo "user:A Realm:password" | md5sum
e77ed25bc7d1fe5ffe9f827346b2cd7b    -

I get another hash, which is not the one inside ./.htdigest.

How then does Apache compute the MD5 hash inside ./.htdigest when I create the file with htdigest?

tonix
  • If you're thinking of using digest authentication, don't. It's no longer secure. Instead use plain HTTP auth or a simple auth combined with HTTPS (TLS 1.1 or better) – hookenz Aug 27 '15 at 14:28
  • No, I don't want to use it. I just wanted to understand how that hash was computed because I am curious, do you know how? – tonix Aug 27 '15 at 14:33
  • It should be following the standards or it wouldn't inter-operate with browsers. I'm not sure why it's different. – hookenz Aug 27 '15 at 14:35
  • I close the post because I have found the answer here: http://stackoverflow.com/questions/394552/htdigest-file-format – tonix Aug 27 '15 at 14:50
  • Ok, echo throws an extra character at the end. The result is still different though. I suggest you read a detailed spec. My guess is it's got something to do with the Realm containing a space or something. Try the above without a space in the name for the realm. – hookenz Aug 27 '15 at 14:50
  • Oh, sure I didn't see that other answer. But I did figure out it was echo. The result is still wrong though! – hookenz Aug 27 '15 at 14:51
  • That was an example to show the use case; if I try it now it works for the users inside the .htdigest I created – tonix Aug 27 '15 at 15:01
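
As the comments note, echo appends a newline, so the command in the question hashes a different byte string than htdigest does. The following is an added example, not part of the original thread: shell functions (their names and the sample credentials are constructed for illustration) that compute the stored value without the newline and check a password against a .htdigest file.

```shell
# Added example, not from the original post. Function names and the
# sample credentials are constructed for illustration.

# Value stored by htdigest: MD5 over the exact bytes "user:realm:password".
# printf '%s' emits no trailing newline, unlike echo.
ha1() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# What the command in the question hashes: the same string plus "\n".
ha1_with_newline() {
    printf '%s:%s:%s\n' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# Build one line in .htdigest format: user:realm:hash
htdigest_line() {
    printf '%s:%s:%s\n' "$1" "$2" "$(ha1 "$1" "$2" "$3")"
}

# Check a candidate password against a .htdigest file.
# Returns 0 on match, 1 on mismatch, 2 if the user/realm pair is absent.
htdigest_check() {
    file=$1 user=$2 realm=$3 password=$4
    while IFS=: read -r u r h; do
        [ "$u" = "$user" ] && [ "$r" = "$realm" ] || continue
        [ "$h" = "$(ha1 "$user" "$realm" "$password")" ]
        return
    done < "$file"
    return 2
}

# Demo with constructed credentials: prints a line in .htdigest format.
htdigest_line user "A Realm" password
```
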
