0

Is there a way to generate a htpasswd entry using R, ie, without using the htpasswd utility itself?

According to the Apache docs,

htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's crypt() routine. Files managed by htpasswd may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().

I tried using either openssl::md5 or digest::digest, but they don't seem to be producing anything I can recognise.

Here's some sample output using htpasswd on Ubuntu. The result changes each time, presumably because there is a salt being used. The hash doesn't look like it's base64-encoded either.

hongo@hongsdev:~$ echo bar | htpasswd -n -i foo
foo:$apr1$ArTUhiJz$/qjciBNKHEWwpXBof75rb.

hongo@hongsdev:~$ echo bar | htpasswd -n -i foo
foo:$apr1$pZxmtIam$VkfMvV2qR4NBkPm3MKcJ/.

hongo@hongsdev:~$ echo bar | htpasswd -n -i foo
foo:$apr1$IFM43G9p$UkQB9QSONrwD74WpXlP7f/

Some attempts using openssl::md5 and digest::digest:

r$> openssl::md5("bar")
[1] "37b51d194a7513e45b56f6524f2d51f2"

r$> digest::digest("bar", algo="md5")
[1] "cbd2100992f98ebf9169448cf98f63a5"

r$> openssl::base64_encode(openssl::md5("bar"))
[1] "MzdiNTFkMTk0YTc1MTNlNDViNTZmNjUyNGYyZDUxZjI="
Hong Ooi
  • 56,353
  • 13
  • 134
  • 187

1 Answers1

0

Coming back to this....

The bcrypt package provides an R interface to the blowfish password hashing algorithm, and can be used to generate a suitable file. There don't seem to be packages for the other algorithms, but this one works.

library(bcrypt)

user_list <- list(
    c("user1", "password1")
)
user_str <- sapply(user_list, function(x) paste(x[1], hashpw(x[2]), sep=":"))
writeLines(user_str, "auth")
Hong Ooi
  • 56,353
  • 13
  • 134
  • 187