AW: bcrypt

Lukas Tribus luky-37 at
Fri Jun 23 13:24:19 UTC 2017


> In nginx there is no native support for bcrypt passwords as 
> produced by Apache's htpasswd.  On the other hand, nginx can use 
> all password schemes supported by crypt(3) on your OS.  Many 
> operating systems do support bcrypt-encrypted passwords in 
> crypt(3), and if Apache's variant is not different from other 
> implementations, it would be enough to change the prefix in the 
> password hashes from Apache-specific $2y$ to the one supported by 
> your OS.

Is it a good idea though to use a very CPU intense hash like bcrypt
in an event-driven webserver?

Bcrypt is intentionally slow, I assume having a lot of bcrypt
protected HTTP transactions would block nginx causing it to slow
down severely?


More information about the nginx mailing list