Nginx htpasswd old password still working 2021-11-17 02:45

Today I encountered a problem about htpasswd. I use htpasswd to make simple user authentication for my website. I use nginx as the reverse agent of my personal website. Today I tried to modify a password. I added a random number behind my old password. Like this old_pwd -> old_pwd_666. After the password is modified, I found that the old password can still pass the authentication. It's too strange. After reviewing the htpasswd helping documentation, I found the reason for the problem.

When using the crypt() algorithm, note that only the  first  8  characters  of  the
password  are  used  to  form the password. If the supplied password is longer, the
extra characters will be silently discarded.

My original password length is 8 characters!!! Therefore, the random number added later is ignored.