how to generate a hash like apache's htpasswd using java
Asked Answered
P

5

8

i use "Force MD5 encryption of the password" in htpasswd to generate a hash for instance '123' i get:

use htpasswd: 123 => $apr1$kaTbKaLO$ewJXRZAKpjaxK4thy2jOp/

use MD5 digest: 123 => 202cb962ac59075b964b07152d234b70

please tell me how can i generate a hash like the apache htpasswd using java Thanks.

Papilla answered 18/3, 2010 at 10:56 Comment(0)
E
7

Passwords in Apache .htpasswd files are encoded using a salt. If you want to generate these passwords using Java you'll need to do the same. This site has an explanation of the salt/hashing algorithm used for Apache's .htpasswd files; I am looking for an actual algorithm you could use and will edit my answer after I find one.

EDIT: Looks like it's been asked before, right here on SO:

Programmaticly building htpasswd

Here's the documentation from Apache, along with their source code:

http://httpd.apache.org/docs/2.2/misc/password_encryptions.html

http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/crypto/apr_md5.c?view=co

Eyra answered 18/3, 2010 at 12:22 Comment(0)
B
3

I found where someone's tackled this in java & released it with a beer-ware license. Better late than never right? It's been there probably since 2007 so I'd be surprised if you hadn't eventually found it some time after asking in 2010.

"Java Port By: Jonathan Abbey, [email protected]"

"MD5Crypt.java is a port of Poul-Henning Kamp's original FreeBSD MD5-based hash algorithm, with additional methods to support the Apache HTTPd server variant of this algorithm."

"The resulting string will be in the form '$apr1$<salt>$<hashed mess>'"

ftp://ftp.arlut.utexas.edu/pub/java_hashes/

Banish answered 3/4, 2012 at 22:52 Comment(0)
N
2

Md5Crypt is what you are looking for. It implements Apache htpasswd algorithms

Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password.

import org.apache.commons.codec.digest.Md5Crypt;
...
String enPasswd = Md5Crypt.md5Crypt("your plain password".getBytes());
String htpasswdContent = "your username:" + enPasswd;
Nonbelligerent answered 24/8, 2017 at 5:23 Comment(0)
F
0

http://www.anyexample.com/programming/java/java_simple_class_to_compute_md5_hash.xml

Freddyfredek answered 18/3, 2010 at 10:58 Comment(2)
yes, i used MD5 digest but the result is different with htpasswd's resultPapilla
@robinmag: You need to salt and use md5 1000 times -- see my answer.Eyra
B
0

In fact, to have

123=>$apr1$kaTbKaLO$ewJXRZAKpjaxK4thy2jOp/,

it is necessary to use the apr1Crypt method of the Md5Crypt class instead of the md5Crypt method of the same class.

Otherwise, instead of having 123=>$apr1$kaTbKaLO$ewJXRZAKpjaxK4thy2jOp/, we end up having 123=>$1$kaTbKaLO$ewJXRZAKpjaxK4thy2jOp/ (i.e. $1$ instead of $apr1$ before the salt as desired by the post). The code should be:

import org.apache.commons.codec.digest.Md5Crypt;
...
String enPasswd = Md5Crypt.apr1Crypt("your plain password".getBytes());
String htpasswdContent = "your username:" + enPasswd;
Bipartite answered 4/8, 2023 at 15:17 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.