Basic Authentication
Basic authentication is supported by many web servers, such as Nginx. In Basic authentication, the username and password are joined with a colon (":") and Base64-encoded for transmission. Base64 is an encoding, not encryption, so unless the connection is protected by TLS the credentials are easy to eavesdrop on and tamper with; the scheme is nevertheless widely used because almost all web servers and browsers support it.
Digest Authentication
To counter eavesdropping and tampering, a method called Digest authentication was devised later: instead of the password itself, an MD5 hash derived from the username and password is sent. You should NOT hash your password yourself when you use Digest authentication; it is hashed automatically as part of the Digest authentication procedure.
htpasswd usage
To use Basic authentication, we have to create username/password pairs in an .htpasswd file with the htpasswd tool. The code below shows how to create one.
```bash
#!/bin/bash
# coreutils provides "cat" (normally already installed)
apt-get install -y coreutils
# apache2-utils provides the htpasswd tool used for basic authentication
apt-get install -y apache2-utils
#
# SHA-1 variant (insecure, kept only for comparison):
# htpasswd -b -s -c .htpasswd username userpass
#
# -c creates the file, -b takes the password from the command line,
# -B hashes it with bcrypt (gives the "$2y$" prefix shown below)
htpasswd -b -B -c .htpasswd username userpass
#
cat .htpasswd
```
The above "cat .htpasswd" returns one line per user, with the bcrypt hash (the "$2y$" prefix) stored next to the username:
username:$2y$05$I0/YKqz4cHohBllqpHwxL.pQfY8LXZ1J9jpo57vnpCmpILa31sJLK
Some htpasswd options

| Option | Explanation |
| --- | --- |
| -c | Create a new password file. The file is overwritten if it already exists. |
| -m | Hash the password with MD5. |
| -s | Hash the password with SHA-1 (insecure). |
| -D | Delete the specified user. |
| -v | Verify the password for the specified user. |
| -B | Force bcrypt hashing of the password (very secure). |
| -b | Take the password from the command line instead of prompting for it (it may end up in shell history and process listings). |
| -p | Do not hash the password (plaintext, insecure). |
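As an added example (not code from the original page), the following Python puts both halves of the text together: the client building the Base64 `Authorization: Basic` header, and a server parsing .htpasswd contents and checking the password against the stored hash, dispatching on the hash prefix (`{SHA}` for `-s`, `$2y$` for `-B`). The .htpasswd text, the user alice and the password s3cret are constructed for the example; checking the page's own bcrypt entry requires the third-party bcrypt module.

```python
import base64
import hashlib
import hmac

def basic_header(username: str, password: str) -> str:
    """Client side: Base64 is an encoding, not encryption, so anyone on the wire can decode it."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def decode_basic_header(header: str):
    """Server side: recover (username, password) from an Authorization header, or None if malformed."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = raw.partition(":")  # split at the first colon; passwords may contain ':'
    return (user, password) if sep else None

def make_sha1_entry(password: str) -> str:
    """Same format `htpasswd -s` writes: '{SHA}' + Base64(SHA-1(password)), unsalted."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode("utf-8")).digest()).decode("ascii")

def parse_htpasswd(text: str) -> dict:
    """Map each 'user:hash' line to {user: hash}; blank lines are skipped."""
    return dict(line.partition(":")[::2] for line in text.splitlines() if line.strip())

def verify_entry(stored: str, password: str) -> bool:
    """Dispatch on the stored hash's prefix, as the server does, using constant-time comparison."""
    if stored.startswith("{SHA}"):  # htpasswd -s
        return hmac.compare_digest(stored, make_sha1_entry(password))
    if stored.startswith(("$2y$", "$2a$", "$2b$")):  # htpasswd -B; "$2y$05$" means cost 5
        import bcrypt  # third-party module, needed only for bcrypt entries
        return bcrypt.checkpw(password.encode("utf-8"), stored.encode("ascii"))
    raise ValueError("hash format not handled in this example ($apr1$ MD5, plaintext)")

def authenticate(header: str, htpasswd_text: str) -> bool:
    """Full server-side check of one Authorization header against .htpasswd contents."""
    creds = decode_basic_header(header)
    stored = parse_htpasswd(htpasswd_text).get(creds[0]) if creds else None
    return stored is not None and verify_entry(stored, creds[1])

# Constructed sample file: the bcrypt line is the page's own entry, the alice line is what -s would write.
SAMPLE_HTPASSWD = (
    "username:$2y$05$I0/YKqz4cHohBllqpHwxL.pQfY8LXZ1J9jpo57vnpCmpILa31sJLK\n"
    "alice:" + make_sha1_entry("s3cret") + "\n"
)
```

Decoding any captured header with decode_basic_header shows why the text calls Basic authentication easy to eavesdrop on: the plaintext pair is a single Base64 step away.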