In .htaccess I believe the default is MD5. There is a really nice module for writing apache compatable passwords: Crypt::PasswdMD5 . You might want to ask your administrator what is being used. If that's you, you might want to look at httpd.conf or apache.org for more information. That is if you're using apache. IIS can use some sort of windows authentication scheme, etc.