Apache Version for HTPasswd

[mikefr]

I'm trying to generate an .htpasswd file for use on my Sonic-hosted web site. Now that shell access has been removed, I'm using a remote web site to generate the .htpasswd contents (because there's no htpasswd on my Windows 11 system). At this remote site, I am able to choose the encryption algorithm for my password, but the only one of the provided choices that seems to be considered secure is Bcrypt. However, the web page tells me it's supported on Apache versions 2.4 or later and when I use this algorithm on my web site it fails. Only if I use an algorithm that is supposedly insecure ("Apache specific salted MD5") can I get my .htpasswd to work.

So, does this mean Sonic is running an earlier version of Apache than 2.4?

Or am I doing something wrong?

Thanks.

[joemuller]

...
I am able to choose the encryption algorithm for my password, but the only one of the provided choices that seems to be considered secure is Bcrypt. However, the web page tells me it's supported on Apache versions 2.4 or later and when I use this algorithm on my web site it fails. Only if I use an algorithm that is supposedly insecure ("Apache specific salted MD5") can I get my .htpasswd to work.

So, does this mean Sonic is running an earlier version of Apache than 2.4?
...

Our customer web hosting servers are running a version of Apache older than 2.4, so there is no support for bcrypt encryption of passwords in .htpasswd files. I think the SHA- based options should still be supported.

-- Joe M

[mikefr]

Joe,

Thanks for confirming that your Apache is older than 2.4. Unfortunately, the only htpass program for Windows 11 that I've found thus far supports just Bcrypt. And the remote web site I've been using provides only MD5 as an alternative to Bcrypt. (And I'd really prefer not to generate an .htpasswd file by sending the plaintext password to a remote site).

Mike