htpasswd Generator

Username:

Password:

Algorithm: APR1 (MD5) - Default bcrypt - Most Secure SHA-256 (Plain) SHA-512 (Plain)

---

What is htpasswd?

This htpasswd utility allows administrators to create and manage user accounts and passwords, which are stored in a file on the web server (typically Apache or NGINX). When a user attempts to access a protected resource, the server checks the authentication file to see if the user has the proper credentials.

Supported Algorithms

APR1 (MD5) - Default & Widely Compatible

APR1 is the Apache-specific password hashing algorithm introduced in Apache 1.1.1. It's a variation of MD5 designed to be computationally intensive. A random salt is generated and hashed with the password using MD5, then hashed again 1000 times with additional modifications for randomness. The format is: $apr1$salt$hash

bcrypt - Most Secure (Recommended)

bcrypt is currently considered the most secure option for password hashing. It uses an adaptive hash function based on the Blowfish cipher. The computational cost increases with the "rounds" parameter (10 rounds by default), making it highly resistant to brute-force attacks. The format is: $2y$rounds$salthash

SHA-256 - Plain Hash

SHA-256 produces a 256-bit hash value. Note: This implementation uses plain SHA-256 hashing without salting or multiple rounds, making it less secure than APR1 or bcrypt. Only use for compatibility or testing purposes. The format is: {SHA256}base64hash

SHA-512 - Plain Hash

SHA-512 produces a 512-bit hash value. Like SHA-256, this is a plain hash without salting or multiple rounds. While SHA-512 produces a longer hash than SHA-256, without proper salting it remains vulnerable to rainbow table attacks. The format is: {SHA512}base64hash

---

---

Feedback