Javascript Htpasswd Generator

Disclaimer

I am not responsible for the security of this implementation. Use at your own risk.

Motivation

There are sometimes when one does not have access to a shell account from which to generate an htpasswd. For instance, think of the business development guy who needs to generate a password, but runs windows and doesn't have access to a shell with the htpasswd utility. He could download a binary program and run it, but this isn't ideal. One might be tempted to use one of the 1.08 million results for htpasswd generator, but most of these are CGI based programs which inherently compromises their security.

A possible solution would be for each company to host their own CGI based htpasswd generator. This works especially if they host it on an secure site. However, in my mind a more general solution would be an open solution which is easily run on any platform and doesn't require net access while encrypting the password. This is my motivation for this page

Tools used

I chose to use the crypt version of the htpasswd file because I found an crypt implementation in javascript: http://whereswalden.com/tech/internet/javacrypt/. It should be noted that there is an md5 javascript implementation available at http://pajhome.org.uk/crypt/md5/. Unfortunately this is not the BSD md5 implementation and in fact, this page claims that implementing the BSD md5 would not be feasible in javascript. Additionally, the page notes that javascript is not an inherently secure language and may leave the passwords and or encryption data in memory longer than necessary which can reduce security.

Generator

Username:
Password:
Password (again):

.htpasswd line

username:encryptedWithSalt