Issue 87 in svnbook: mention 'htdigest' tool when mentioning digest auth

svnbook at svnbook at
Mon Jan 3 19:20:21 CST 2011

Comment #3 on issue 87 by quinntay... at mention 'htdigest' tool when  
mentioning digest auth

I just ran into this same problem. No, 'htpasswd -m' uses MD5 encryption  
for passwords, but htdigest creates a different format of file. For one  
thing, it has the additional concept of a "realm".

Perhaps one reason for the wrong assumption is that Apache digest  
authentication uses MD5 as the algorithm for the challenge and response  
hashes, whereas the -m for htpasswd specifies how the password is stored.  
(Similarly, 'htpasswd -s' specifies SHA rather than MD5.)

Updating the svnbook documentationto reflect this would be a nice step  
towards helping people use something more secure than Apache's basic  
authentication. I'd be happy to provide a patch with an example if needed.

More information about the svnbook-dev mailing list