blob: ee4ac7397567c7badf088d85edf6b95ed905d238 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
.. index:: apache; md5 password hash
======================================================================
:class:`passlib.hash.apr_md5_crypt` - Apache's MD5-Crypt variant
======================================================================
.. currentmodule:: passlib.hash
This format is a variation of :class:`~passlib.hash.md5_crypt`,
primarily used by the Apache webserver in ``htpasswd`` files.
It contains only minor changes to md5-crypt, and should
be considered just as strong / weak as md5-crypt itself.
.. seealso:: :doc:`md5_crypt <passlib.hash.md5_crypt>`, :mod:`passlib.apache`
Usage
=====
This algorithm can be used in exactly the same way as :class:`~passlib.hash.md5_crypt`,
see that class for details.
Interface
=========
.. autoclass:: apr_md5_crypt()
Format & Algorithm
==================
This format and algorithm of Apache's MD5-Crypt is identical
to the original MD5-Crypt, except for two changes:
1. The encoded string uses ``$apr1$`` as it's prefix, while md5-crypt uses ``$1$``.
2. The algorithm uses ``$apr1$`` as a constant in the step where md5-crypt uses
``$1$`` in it's calculation of digest B (see the :ref:`md5-crypt algorithm <md5-crypt-algorithm>`).
Because of this change, even raw checksums generated by apr-md5-crypt and md5-crypt
are not compatible with eachother.
.. rubric:: Footnotes
.. [#] Apache's description of Apr-MD5-Crypt -
`<http://httpd.apache.org/docs/2.2/misc/password_encryptions.html>`_
|
