By default, the nginx server does not come with htpasswd, but we can generate a password file with an external tool :)
Type of cryptography in htpasswd
htpasswd supports multiple password protection methods, as shown in the table below. Except for bcrypt and the SHA512-based scheme, the rest are insecure.
Bcrypt accepts passwords of up to 72 characters. nginx basic authentication relies on the system's crypt(3), so whether bcrypt is supported depends on the system.
There is also a patch that lets nginx support bcrypt on its own, regardless of the OS implementation, but it is unverified. Some Linux systems don't support bcrypt, so if you want to use nginx basic authentication on your system, just use SHA512-based hashes.
Newer versions of the Apache htpasswd also support SHA512. If yours does not, the hash can be generated with the openssl command as shown below, or with crypt(3).
Examples:
- For OpenSSL
- For Python
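As an added example (not code from the original article), the OpenSSL route can be wrapped so that it both creates a SHA512-based htpasswd line and checks a password against it. It assumes OpenSSL 1.1.1 or newer for `openssl passwd -6`; the function names, the user `alice` and the passwords are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: create and check an nginx htpasswd line with a SHA-512 crypt ($6$) hash.
# Assumes OpenSSL 1.1.1 or newer, which provides `openssl passwd -6`.
# make_entry, verify_entry, demo and the user/passwords below are hypothetical/constructed.

# make_entry USER [SALT]: password on stdin (kept out of openssl's argv),
# prints "USER:$6$salt$hash". Without SALT, openssl picks a random salt.
make_entry() {
    local user="$1" salt="${2:-}" hash
    case "$user" in
        ''|*:*) echo "user name is empty or contains ':'" >&2; return 1 ;;
    esac
    if [ -n "$salt" ]; then
        hash=$(openssl passwd -6 -salt "$salt" -stdin) || return 1
    else
        hash=$(openssl passwd -6 -stdin) || return 1
    fi
    printf '%s:%s\n' "$user" "$hash"
}

# verify_entry FILE USER: password on stdin. Re-hashes it with the salt stored
# in FILE and compares, the same comparison a crypt(3)-based verifier makes.
verify_entry() {
    local file="$1" user="$2" stored salt candidate
    stored=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$file")
    case "$stored" in
        '$6$rounds='*) return 1 ;;   # custom round counts are not handled here
        '$6$'*) ;;                   # SHA-512 crypt
        *) return 1 ;;               # unknown user or another scheme
    esac
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    candidate=$(openssl passwd -6 -salt "$salt" -stdin) || return 1
    [ "$candidate" = "$stored" ]
}

# Demo with a constructed account; mktemp creates the file with mode 0600.
demo() {
    local f
    f=$(mktemp)
    printf '%s\n' 'correct horse battery staple' | make_entry alice > "$f"
    printf '%s\n' 'correct horse battery staple' | verify_entry "$f" alice \
        && echo "alice: password accepted"
    printf '%s\n' 'wrong guess' | verify_entry "$f" alice \
        || echo "alice: wrong password rejected"
    rm -f "$f"
}
demo
```

For a deployed file, the nginx worker user must be able to read it, and it should not be world-readable.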