Different output, same username and password
-
27-09-2019 - |
문제
I was wondering why even for the same username and the same password, htpasswd outputs a new hash everytime? I tried finding an answer to this question, but couldn't.
해결책
The passwords generated by "htpasswd" use a random salt, to make it harder to guess. It also means that pre-crypted dictionaries for attacks have to be much larger since they have to crypt every possible password with every possible salt.
htpasswd uses crypt(3) behind the scenes.
다른 팁
Here is a tip for you, when generating secret keys or strings, use a one_way_hash( salt + current time), these are, if not impossible, hard to crack. I normally employ this to create tokens or session keys.
제휴하지 않습니다 StackOverflow