So I think it's been rehashed many times that Apache uses a modified version of MD5... and for some reason no one has been able to reproduce that in PHP (at least that I've found), so I did some digging through their source code and found this:

http://www.koders.com/c/fid4411028372E46E2D4BE52DBCD2CFF84921884B71.aspx

[Not sure if that's the latest and greatest, but I downloaded the latest source to have a look; I'd imagine this function wouldn't change from release to release, as old passwords wouldn't work anymore.]

That being said and shown, would it be that hard for someone to convert that "routine" into a PHP function?

I haven't touched C or OOP/class-style programming since the mid-90s... nevertheless, I'm going to try to figure some of it out.

Anyone think they could tackle it?

    How is this md5 hash different from the one in PHP?

    Have you tried them both out on known md5 test vectors and produced identical output?

    Mark

      As I mentioned, Apache uses a modified version of MD5, which has been mentioned a million times on the web.

      The outputs of PHP's MD5() and Apache's MD5 (when using htpasswd) are two totally different monsters.

        There is only one md5 algorithm. If two implementations produce different hash values, one of them is wrong.

        Seeing as you are presumably trying to modify an Apache basic authentication users file, why not invoke htpasswd directly?

        Mark

          Could you write a function that uses the actual htpasswd utility to create a dummy passwd file for a dummy user and then parse the resulting file to view the hashed value?

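          pseudo-code:

          function htpasswdMd5($RawPasswd) {
            // Temp file instead of a fixed name, so concurrent calls don't collide
            $file = tempnam(sys_get_temp_dir(), "htp");
            // escapeshellarg() keeps the password from being parsed by the shell
            exec("htpasswd -mbc " . escapeshellarg($file) . " dummyuser " . escapeshellarg($RawPasswd));
            $lines = file($file, FILE_IGNORE_NEW_LINES);
            unlink($file);
            // htpasswd writes "dummyuser:<hash>"; keep what follows the first colon
            list(, $MD5Passwd) = explode(":", $lines[0], 2);
            return $MD5Passwd;
          }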

          ..just an idea.
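
What the thread is asking for, as an added example that is not code from any poster or from Apache: `htpasswd -m` stores an MD5-crypt string with the `$apr1$` prefix (a salt, 1000 rounds of the standard MD5, and a custom base64 alphabet), not a bare `md5()` digest. The function names `apr1_md5` and `apr1_verify`, the two constants, and the sample password are assumptions made for this sketch.

```php
<?php
// Added example: apr1 is MD5-crypt built from PHP's ordinary md5().
const B64    = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

function apr1_md5(string $password, ?string $salt = null): string {
    if ($salt === null) {                        // fresh 8-char salt from the CSPRNG
        for ($salt = '', $i = 0; $i < 8; $i++) $salt .= ITOA64[random_int(0, 63)];
    }
    $salt = substr($salt, 0, 8);
    $len  = strlen($password);
    $ctx  = $password . '$apr1$' . $salt;
    $bin  = md5($password . $salt . $password, true);      // raw 16-byte digest
    for ($i = $len; $i > 0; $i -= 16) $ctx .= substr($bin, 0, min(16, $i));
    for ($i = $len; $i > 0; $i >>= 1) $ctx .= ($i & 1) ? "\0" : $password[0];
    $bin = md5($ctx, true);
    for ($i = 0; $i < 1000; $i++) {              // the 1000 stretching rounds
        $round = ($i & 1) ? $password : $bin;
        if ($i % 3) $round .= $salt;
        if ($i % 7) $round .= $password;
        $round .= ($i & 1) ? $bin : $password;
        $bin = md5($round, true);
    }
    // Reorder the digest bytes, then emit 6 bits at a time, low bits first,
    // in the crypt alphabet (done here by reversing a normal base64 string).
    $tmp = '';
    for ($i = 0; $i < 5; $i++) {
        $j = ($i + 12 === 16) ? 5 : $i + 12;
        $tmp = $bin[$i] . $bin[$i + 6] . $bin[$j] . $tmp;
    }
    $tmp = "\0\0" . $bin[11] . $tmp;
    $enc = strtr(strrev(substr(base64_encode($tmp), 2)), B64, ITOA64);
    return '$apr1$' . $salt . '$' . $enc;
}

function apr1_verify(string $password, string $stored): bool {
    $parts = explode('$', $stored);              // "", "apr1", salt, digest
    if (count($parts) !== 4 || $parts[1] !== 'apr1') return false;
    return hash_equals($stored, apr1_md5($password, $parts[2]));  // constant-time
}

// Constructed sample: build an htpasswd-style line, then check two candidates.
$line = 'dummyuser:' . apr1_md5('s3cret-constructed');
[, $hash] = explode(':', $line, 2);
var_dump($line, apr1_verify('s3cret-constructed', $hash), apr1_verify('wrong', $hash));
```

To cross-check, feed a hash produced by `htpasswd -nbm` to `apr1_verify()` with the same password. For new password files, `htpasswd -B` (bcrypt) is the stronger choice, since apr1 is only 1000 rounds of MD5.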
