Jump to content

WordPress: Update MD5 htpasswd-Hash


Togijak

Recommended Posts

Normal WorPress user are protecting the admin account with  .htaccess and most of this user are using  MD5/SHA1 but it is much more secure to use bcrypt

Quote

Hashing algorithms

bcrypt $2y$ or $2a$ prefix
This algorithm is currently considered to be very secure. Bcrypt hashes are very slow to compute (which is one one the reasons why they are secure). The cost parameter sets the computing time used (higher is more secure but slower, default: 5, valid: 4 to 31).
Warning : think carefully before you try values above 10, this thing is really slow. You could freeze your computer.
Compatibility : Apache since version 2.4 (needs apr-util 1.5+)
md5 (APR) $apr1$ prefix
Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random salt and the password. This is the default (since Apache version 2.2.18).
Compatibility : all Apache versions, Nginx 1.0.3+.
crypt(), also known as crypt(3) no prefix
It used to be the default algorithm until Apache version 2.2.17. It limits the password length to 8 characters. Considered insecure.
Compatibility : all Apache and Nginx versions, Unix only. Plain ASCII characters only.
salted sha-1 {SSHA} prefix
Considered insecure. The use of salt makes it more time-consuming to crack a list of passwords. However, it does not make dictionary attacks harder when cracking a single password.
Compatibility : Nginx 1.0.3+ only.
sha-1 {SHA} prefix
Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif). This algorithm is insecure by today's standards.
Compatibility : all Apache versions, Nginx 1.3.13+.
Plaintext (no hashing) no prefix for Apache, {PLAIN} for Nginx
Use plaintext passwords. Insecure.
Compatibility : all Windows and Netware Apache versions, Nginx 1.0.3+.

 

here you find an htpasswd generator for offline use that works with bcrypt

Link to comment
Share on other sites


  • Views 804
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...