Add mkpasswd as htpasswd generator #134

Open
wants to merge 1 commit into
base: main

@tats-u tats-u commented Feb 26, 2025

The mkpasswd command is the best Basic authentication password hash string generator for the following reasons:

  • Supports all of yescrypt, SHA512Crypt, and bcrypt. yescrypt is the most tolerant of offline GPU attacks among the algorithms provided by crypt() and is the default algorithm in Ubuntu. openssl passwd doesn't support bcrypt or yescrypt.
  • Can adjust the stretching amount. openssl passwd cannot do it.
  • Uses the most recommended algorithm used as the algorithm of /etc/shadow by default. openssl passwd uses the stale MD5Crypt by default.

mkpasswd is included in the package mkpasswd (RHEL 9+) / whois (Ubuntu).

Note: the one included in the expect package is completely different. Its command name was duplicated in RHEL 8 or prior but renamed in RHEL 9 or later or Ubuntu.

$ mkpasswd -m bcrypt -R 11
Password:
$2b$11$P3NNwJcTwrflYQtaNFO/OuwSXXVriu.YHI4xhrTTPIss1I.dK6Sxm
$ mkpasswd -m yescrypt
Password:
$y$j9T$PmNGsG.cmwp2zuMANQU4P0$0pTFQk1urRkf227rALW9yqWjD0ATcbrwWFJI4VpXBX6
$ mkpasswd -m sha512crypt -R 10000
Password:
$6$rounds=10000$e7pRuTkR05JoYLmP$EuS.JflmIVDhU4kIW42vSZsEcAOiQoz4ZkCApYkdVZ8StXLm5RiaVzEQ..nhxOQTe97n5DtHcXoS1sgsbUySy.
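
An added example, not part of the pull request or the project's code: a small auditor that reads "user:hash" lines and reports which crypt() scheme and work factor each entry uses, flagging the MD5-based ones. The user names and the last entry are constructed; the yescrypt parameter field is not decoded.

```python
import re

# crypt(3)-style prefixes; a "cost" group captures the work factor when encoded.
SCHEMES = [
    (re.compile(r"^\$y\$"), "yescrypt"),
    (re.compile(r"^\$2[aby]\$(?P<cost>\d{2})\$"), "bcrypt"),
    (re.compile(r"^\$6\$(?:rounds=(?P<cost>\d+)\$)?"), "sha512crypt"),
    (re.compile(r"^\$5\$(?:rounds=(?P<cost>\d+)\$)?"), "sha256crypt"),
    (re.compile(r"^\$apr1\$"), "apr1-md5"),
    (re.compile(r"^\$1\$"), "md5crypt"),
]
FLAGGED = {"md5crypt", "apr1-md5", "unknown"}  # MD5-based or unrecognised
SHA_CRYPT_DEFAULT_ROUNDS = 5000  # used by SHA-crypt when no rounds= field is present

def classify(hash_field):
    """Return (scheme, cost); cost is None when the prefix carries no plain number."""
    for pattern, name in SCHEMES:
        m = pattern.match(hash_field)
        if m:
            cost = m.groupdict().get("cost")
            if cost is None and name.startswith("sha"):
                return name, SHA_CRYPT_DEFAULT_ROUNDS
            return name, int(cost) if cost else None
    return "unknown", None

def audit(htpasswd_text):
    """Return [(user, scheme, cost, flagged)] for every 'user:hash' line."""
    rows = []
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        user, _, rest = line.partition(":")
        hash_field = rest.split(":", 1)[0]  # crypt strings never contain ':'
        scheme, cost = classify(hash_field)
        rows.append((user, scheme, cost, scheme in FLAGGED))
    return rows

# Constructed file: user names are made up; the first three hashes are the
# PR's own sample outputs, the last is a non-functional md5crypt-shaped placeholder.
SAMPLE_HTPASSWD = """\
alice:$2b$11$P3NNwJcTwrflYQtaNFO/OuwSXXVriu.YHI4xhrTTPIss1I.dK6Sxm
bob:$y$j9T$PmNGsG.cmwp2zuMANQU4P0$0pTFQk1urRkf227rALW9yqWjD0ATcbrwWFJI4VpXBX6
carol:$6$rounds=10000$e7pRuTkR05JoYLmP$EuS.JflmIVDhU4kIW42vSZsEcAOiQoz4ZkCApYkdVZ8StXLm5RiaVzEQ..nhxOQTe97n5DtHcXoS1sgsbUySy.
dave:$1$PLACEHOLDER$notarealhashvalue00000
"""

if __name__ == "__main__":
    for user, scheme, cost, flagged in audit(SAMPLE_HTPASSWD):
        print(f"{user:6} {scheme:12} cost={cost} {'REVIEW' if flagged else 'ok'}")
```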

Collaborator

y82 commented Mar 4, 2025

Hi @tats-u,

Thank you for your contribution. I would suggest concatenating the two patches into one and removing the installation options for consistency with the htpasswd / openssl passwd commands, for example,
"can be generated using
the “htpasswd” utility from the Apache HTTP Server
distribution, the “mkpasswd”, or the “openssl passwd” command;"

Also, please refer to our README.md for:

  • the commit log style, for example: "Added mkpasswd as htpasswd generator."
  • a version bump of the page: rev="11"> instead of rev="10">

Thank you.

@y82 y82 self-requested a review March 4, 2025 09:31
distribution or the “<command>openssl passwd</command>” command;
distribution or the “<command>mkpasswd</command>” or “<command>openssl passwd</command>” command;
<note>
“<command>mkpasswd</command” can be installed by “<command>apt install whois</command>” in Ubuntu / Debian or “<command>dnf install mkpasswd</command>” in RHEL 9+. The command with the same name, “<command>mkpasswd</command>”, which is included in the “expect” package in RHEL8 and earlier, is a different command. It was renamed to “<command>mkpasswd-expect</command>” in RHEL 9.
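Review bot: In the added note line, the first closing tag is malformed: “<command>mkpasswd</command” is missing its ">" before the closing quote, so the XML will not be well-formed; it should read “<command>mkpasswd</command>”. The visible lines also open <note> without showing a matching </note>, so check that the element is closed in the rest of the patch. Minor: the same line writes "RHEL8" once and "RHEL 9" elsewhere; pick one spelling.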
Collaborator

I'd suggest removing the installation options for consistency with the htpasswd / openssl passwd commands, for example,
"can be generated using
the “htpasswd” utility from the Apache HTTP Server
distribution, the “mkpasswd”, or the “openssl passwd” command;"

Also, please refer to our README.md for:

  • the commit log style, for example: "Added mkpasswd as htpasswd generator."
  • a version bump of the page: rev="11"> instead of rev="10">

Thank you.

Author

@tats-u tats-u Mar 4, 2025

Do you mean reverting 3b08b0a? I think + and - are swapped.

Collaborator

Yes, just mentioning mkpasswd would be fine.

Author

@tats-u tats-u Mar 4, 2025

I could not help mentioning the whois command (mkpasswd is derived from it) in favor of RHEL 8 users.

@tats-u tats-u requested a review from y82 March 4, 2025 14:38