.. index:: Apache; md5 password hash

======================================================================
:class:`passlib.hash.apr_md5_crypt` - Apache's MD5-Crypt variant
======================================================================

.. warning::

    As of 2012-6-7, the MD5-Crypt  algorithm is "no longer considered safe"
    by it's author, who urges migration to newer hash algorithms.

.. currentmodule:: passlib.hash

This hash is a variation of :class:`~passlib.hash.md5_crypt`,
primarily used by the Apache webserver in ``htpasswd`` files.
It contains only minor changes to the MD5-Crypt algorithm,
and should be considered just as weak as MD5-Crypt itself.

.. seealso::

    * :ref:`password hash usage <password-hash-examples>` --
      for examples of how to use this class via the common hash interface.

    * :mod:`passlib.apache` -- routines for manipulating ``htpasswd`` files.

Interface
=========
.. autoclass:: apr_md5_crypt()

Format & Algorithm
==================
This format and algorithm of Apache's MD5-Crypt is identical
to the original MD5-Crypt, except for two changes:

1. The encoded string uses ``$apr1$`` as it's prefix, while md5-crypt uses ``$1$``.

2. The algorithm uses ``$apr1$`` as a constant in the step where md5-crypt uses
   ``$1$`` in it's calculation of digest B (see the :ref:`md5-crypt algorithm <md5-crypt-algorithm>`).
   Because of this change, even raw checksums generated by apr-md5-crypt and md5-crypt
   are not compatible with eachother.

See :doc:`md5_crypt <passlib.hash.md5_crypt>` for the format & algorithm
descriptions, as well as security notes.

.. rubric:: Footnotes

.. [#] Apache's description of Apr-MD5-Crypt -
       `<http://httpd.apache.org/docs/2.2/misc/password_encryptions.html>`_