luky-37 at hotmail.com
Fri Jun 23 13:24:19 UTC 2017
> In nginx there is no native support for bcrypt passwords as
> produced by Apache's htpasswd. On the other hand, nginx can use
> all password schemes supported by crypt(3) on your OS. Many
> operating systems do support bcrypt-encrypted passwords in
> crypt(3), and if Apache's variant is not different from other
> implementations, it would be enough to change the prefix in the
> password hashes from Apache-specific $2y$ to the one supported by
> your OS.
Is it a good idea though to use a very CPU intense hash like bcrypt
in an event-driven webserver?
Bcrypt is intentionally slow, I assume having a lot of bcrypt
protected HTTP transactions would block nginx causing it to slow
More information about the nginx