Da documentazione di Apache :
htpasswd
is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users.
Esempi:
htpasswd /usr/local/etc/apache/.htpasswd-users jsmith
Adds or modifies the password for user jsmith. The user is prompted
for the password. The password will be encrypted using the modified
Apache MD5 algorithm. If the file does not exist, htpasswd
will do
nothing except return an error.
htpasswd -c /home/doe/public_html/.htpasswd jane
Creates a new file and stores a record in it for user jane. The user
is prompted for the password. If the file exists and cannot be read,
or cannot be written, it is not altered and htpasswd
will display a
message and return an error status.
htpasswd -db /usr/web/.htpasswd-all jones Pwd4Steve
Encrypts the password from the command line (Pwd4Steve) using the
crypt()
algorithm, and stores it in the specified file.
Questo è fuorviante in quanto la password non è crittografata, ma piuttosto hash, e cattiva perché usa md5 ( iterated 1000 volte ) per impostazione predefinita. Dovresti usare htpasswd -B
per usare invece bcrypt.