There was a server on Ubuntu with Apache and PHP. The site used authentication (Apache Basic Authentication). Passwords were generated in PHP like this:

$password=crypt($password); 

I was not interested in which hash method was configured, or how. It generated passwords, and that was good enough.

I transferred the site to a new server with Ubuntu 15.04, PHP 5.6.4, Apache 2.4.10, and it stopped accepting passwords like:

 user1:$6$CB/mFomB$7RPHkrzaOAzxqkUYQXccePVACerVsZfED.hoDofBnHNSfx5NOUnhtcKB6ImOrE.d/xDNMU6B7tqipWm1Qzw3k.
 user2:$6$rbBZzWeo$lmBqIwiLcYEblULhc.oUhYCEC.YEokOJ1lpnyyUgCjWs6B4e6JXOOe0fVPAa9TasdpvWJgd8xeoi.VYHtfc3j/

I determined that this is a SHA-512 hash.

I tried generating a hash using htpasswd; the hash is short, but everything works.

Can you please tell me how to make Apache check passwords in SHA-512?

  • Not very similar to sha512, rather something like bcrypt - andreymal
  • On the old system, what are the first 3 characters of the hashes? - Nikola Tesla
  • They write that: "[CRYPT_SHA_512] - SHA-512 hash with a 16 character salt starting with $6$." These hashes are from the old system. - Kulikov
  • Try $password = crypt($password, '$6$'); probably different hashing algorithms are supported on different systems. ... or I do not quite understand the essence of the problem - Nikola Tesla
  • Yes, this function makes the correct hash. crypt($password, '$6$CB/mFomB') is for the first hash from the example provided. But the trouble is that apparently Apache (or something else?) does not recognize the password associated with this hash. - Kulikov

1 answer

If you know these passwords:

 user1:$6$CB/mFomB$7RPHkrzaOAzxqkUYQXccePVACerVsZfED.hoDofBnHNSfx5NOUnhtcKB6ImOrE.d/xDNMU6B7tqipWm1Qzw3k.
 user2:$6$rbBZzWeo$lmBqIwiLcYEblULhc.oUhYCEC.YEokOJ1lpnyyUgCjWs6B4e6JXOOe0fVPAa9TasdpvWJgd8xeoi.VYHtfc3j/

check on the system where you have the “new” Apache whether these hashes exactly correspond to what is generated by:

 $ mkpasswd -m sha-512 password salt

The salt is, in this case, the part between the second and third $.

For user1 the salt is CB/mFomB; for user2, rbBZzWeo.
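
The salt rule and the mkpasswd check above as a shell helper, added here as an example (not code from the original post or answer). `parse_entry` and `recheck` are hypothetical names, the `rounds=` and `$apr1$` entries are constructed, and `recheck` assumes mkpasswd is installed. It goes beyond the two hashes on the page by also handling the optional `rounds=N` field, where the salt no longer sits between the second and third $.

```shell
#!/bin/sh
# Added example; parse_entry and recheck are hypothetical helper names.

# parse_entry 'user:hash' -> prints "user scheme salt" (salt is "-" if not parsed)
parse_entry() {
    user=${1%%:*}
    hash=${1#*:}
    case $hash in
        '$6$'*)        scheme=sha512-crypt ;;
        '$5$'*)        scheme=sha256-crypt ;;
        '$1$'*)        scheme=md5-crypt ;;
        '$apr1$'*)     scheme=apr1-md5 ;;
        '$2'[aby]'$'*) scheme=bcrypt ;;
        '{SHA}'*)      scheme=sha1-base64 ;;
        *)             scheme=unknown ;;
    esac
    salt=-
    case $scheme in
        *-crypt|apr1-md5)
            rest=${hash#\$*\$}                                # drop "$id$"
            case $rest in rounds=*) rest=${rest#*\$} ;; esac  # skip optional "rounds=N$"
            salt=${rest%%\$*}                                 # up to the next "$"
            ;;
    esac
    printf '%s %s %s\n' "$user" "$scheme" "$salt"
}

# recheck 'user:hash' 'password' -> 0 if mkpasswd reproduces the stored hash.
# Handles default-rounds $6$ hashes only; the password is visible in argv.
recheck() {
    fields=$(parse_entry "$1")
    salt=${fields##* }
    case $fields in
        *' sha512-crypt '*) ;;
        *) echo "not a \$6\$ entry: $fields" >&2; return 2 ;;
    esac
    command -v mkpasswd >/dev/null 2>&1 || { echo "mkpasswd not found" >&2; return 3; }
    [ "$(mkpasswd -m sha-512 "$2" "$salt")" = "${1#*:}" ]
}

# user1 is the entry from the question; the rounds= and apr1 lines are constructed.
parse_entry 'user1:$6$CB/mFomB$7RPHkrzaOAzxqkUYQXccePVACerVsZfED.hoDofBnHNSfx5NOUnhtcKB6ImOrE.d/xDNMU6B7tqipWm1Qzw3k.'
parse_entry 'demo:$6$rounds=5000$abcdefgh$CONSTRUCTEDHASH'
parse_entry 'demo2:$apr1$abcdefgh$CONSTRUCTEDHASH'
```

Call `recheck 'user1:…' 'the-known-password'` on the new server; exit status 0 means the system's crypt(3) reproduces the stored hash.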