Short version: With which characters/symbols does Windows CMD have problems (of any kind)? Long version: Some software I use requires manual generation of BCrypt hashes. There are online generators, but for safety I need to generate such hashes offline. I use HTPassWd.exe from Apache HTTP Server binary packages. The issue I have is that some combination of password characters/symbols results in hash generation failure and I think it is a Windows / Windows CMD failure to recognize some characters/symbols because identical passwords produce functional hashes when online BCrypt generators are used. Password: Code: 4|%OJ6bBy7E";bF0QGZI.>6SL~i[=!fF HTTPassWd command: Code: HTPassWd.exe -bnBC 12 User 4|%OJ6bBy7E";bF0QGZI.>6SL~i[=!fF Windows result: Code: '%OJ6bBy7E";bF0QGZI.>6SL~i[=!fF' is not recognized as an internal or external command, operable program or batch file. In the case above, Windows doesn't even include the first 2 password characters/symbols when producing resulting message. There are other cases with other messages (and hash generation failure). The same password generates a perfectly function hash if use via online BCrypt generators. Another issue is that some passwords with a variety of characters/symbtols produce non-functional hashes when generated through HTTPassWd.exe, but functional ones when produced via online BCrypt generators. The only solution for now is either to use online BCrypt generators with strong passwords or to use HTPassWd.exe with weak passwords (lower-case letters + uppercase letters + numbers). Neither solution is satisfactory.
worth a try ... not promise to work ... as long keep out any -> " <- chars if I had the original file i could test this ... Code: (<nul set /p ="4|%OJ6bBy7E;bF0QGZI.>6SL~i[=!fF") | HTPassWd.exeecho -bnBC 12 User echo "4|%OJ6bBy7E;bF0QGZI.>6SL~i[=!fF" | HTPassWd.exeecho -bnBC 12 User
That's not character recognition failure, but some characters are reserved for redirection and piping. In the case above, the character "|" is the piping symbol and not taken as literal unless you escape it. Escaping is done by the character "^". Further symbols that must be escaped are the "<" ">" ones (redirectors). Possibly, there are more. The first line in the above post seems to work, too. The second will, however, include the double quotes in the output and that might be misinterpreted.