Salts are usually supposed change. They're not so much random as calculated by a formula which will be different everytime (which is the whole idea behind a salt), and different things that use crypt use thier own formula. As far as I know it really shouldn't matter what salt you use when you create a password though, because when decrypting the passwords it uses those first two letters as the salt to decrypt with. I don't know much about the htpasswd file, but I know most Unix systems use the current time as a salt. Here is an example: $salt = substr ( time () , -8 ); I just wrote a passwd generating program on Solaris 2.6 using this salt, which works fine. If the password won't take, perhaps you're using the wrong encryption for htpasswd.