Created
August 18, 2017 23:28
-
-
Save mingsai/a37bcb16f599649ccff9e366b28200c6 to your computer and use it in GitHub Desktop.
How to use htpasswd to secure web folders
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
put the htpaswd file outside of your root folder so it isn’t web accessible like: | |
http://www.yourdomain.com/.htpasswd | |
In terminal one can generate a htaccess password | |
htpasswd -nb username password | |
Use a strong random number generator to create a salt of 16 bytes or longer. | |
Feed the salt and the password into the PBKDF2 algorithm. | |
Use HMAC-SHA-256 as the core hash inside PBKDF2. | |
Perform 40,000 iterations or more (August 2017). | |
Take 32 bytes (256 bits) of output from PBKDF2 as the final password hash. | |
Store the iteration count, the salt and the final hash in your password database. | |
Increase your iteration count regularly to keep up with faster cracking tools. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment