← ← All Tools
中文

🔐 htpasswd Generator

Generate local htpasswd lines for Apache/Nginx Basic Auth with bcrypt, apr1, and SHA-1 output

This tool defaults to bcrypt and generates `.htpasswd` entries locally in your browser. Usernames cannot contain `:` and your password is not uploaded by the tool.

Leading and trailing spaces are trimmed automatically. `:` and line breaks are rejected because `.htpasswd` uses `username:hash` lines.

Password Strength

Empty

Algorithm

Bcrypt is slower but safer and should be your default for new `.htpasswd` files.

Higher cost means slower hashing. In-browser, 8-12 is a good default range; increase only when you really need it.

Compatibility Notes

  • Bcrypt: recommended for modern Apache / Nginx Basic Auth setups.
  • Apache MD5 (apr1): retained for older Apache compatibility and still salted.
  • SHA-1: compatibility-only and not recommended for new passwords.

FAQ

Why do repeated generations create different hashes?

Bcrypt and Apache MD5 (apr1) both add a random salt automatically, so the same password produces a different hash each time while still verifying correctly in Basic Auth.

Which algorithm should I choose?

Prefer bcrypt for new setups. Switch to Apache MD5 or SHA-1 only when an older environment explicitly requires `$apr1$` or `{SHA}` output.

Does this tool upload my username or password?

No. All hashing happens locally in your browser and the page does not send your username or password to a server.

More tools you might find useful.

🔐
AES Encrypt/Decrypt
Client-side AES encryption and decryption with GCM, CBC, and CTR modes, PBKDF2 passphrase derivation and raw key input — keys are not uploaded by the tool
🔐
BCrypt Hash Generator & Verifier
Client-side BCrypt password hash toolkit with three tabs: Generate (cost 4-15, $2a/$2b/$2y version selector, 3 output formats), Verify (auto-parses cost/version with OWASP guidance), and Inspect (dissect any bcrypt hash into prefix/cost/salt/hash). Real-time 72-byte truncation warning, progress bar, cancel button, and mobile-friendly chip controls.
🔐
DES / 3DES Encrypt & Decrypt
Client-side DES and 3DES (2-key/3-key) encryption & decryption with zero dependencies. Supports five modes (ECB/CBC/CFB/OFB/CTR) and five padding schemes (PKCS#7/Zero/ANSI X.923/ISO 10126/No Padding). Independent encoding switchers for Key/IV/Input/Output (Hex/UTF-8/Base64), real-time byte-length hints, built-in NIST test vectors, persistent deprecation banner (DES 2005, 3DES Jan 2024), and K1/K2/K3 key visualization. For education and legacy interop only — keys and plaintext are not uploaded by the tool.
#️⃣
Hash Generator
MD5 & SHA Hash Calculator
🔐
HMAC Calculator
Client-side HMAC calculator with SHA-1/256/384/512, UTF-8/Hex/Base64 key formats, text & file input, and HMAC verification

Free online htpasswd generator for Apache and Nginx Basic Auth files. Generate local `.htpasswd` entries in bcrypt, Apache MD5 (apr1), or SHA-1 format with password confirmation, strength hints, copy, and download. Everything runs locally in your browser with no credential upload.