Bug#572601: [php-maint] Bug#572561: php5: crypt() output inconsistency between version 5.2 and 5.3
Ondřej Surý wrote: I just checked ext/standard/config.m4 in 5.3.2 and it contains this code: [...] We're definitely talking about standard DES in both versions. Giving a 2 character salt should make it use standard DES. Also the length and format of the output hints at that. The output from php 5.2 should be the same as the output from php 5.3, at least for valid salts. If it isn't there should at least be an explanation for that behaviour somewhere and possibly a workaround. Mind that the crypt() function is frequently used for validating passwords. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#572601: [php-maint] Bug#572561: php5: crypt() output inconsistency between version 5.2 and 5.3
I just checked ext/standard/config.m4 in 5.3.2 and it contains this code: if test $ac_cv_crypt_blowfish = no || test $ac_cv_crypt_des = no || test $ac_cv_crypt_ext_des = no || test x$php_crypt_r = x0; then And since: checking for crypt in -lcrypt... (cached) yes checking for standard DES crypt... yes checking for extended DES crypt... no checking for MD5 crypt... yes checking for Blowfish crypt... no checking for SHA512 crypt... no checking for SHA256 crypt... no BTW, SHA512 and SHA256 test are just broken. Ondrej -- Ondřej Surý ond...@sury.org http://blog.rfc1925.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#572601: [php-maint] Bug#572561: php5: crypt() output inconsistency between version 5.2 and 5.3
On Tue, Mar 9, 2010 at 14:27, fonsinchen ulfonk_menn...@gmx.de wrote: Ondřej Surý wrote: I just checked ext/standard/config.m4 in 5.3.2 and it contains this code: [...] We're definitely talking about standard DES in both versions. I know. I have listed a reason why does PHP use it's own crypt function implementation. Giving a 2 character salt should make it use standard DES. Also the length and format of the output hints at that. The output from php 5.2 should be the same as the output from php 5.3, at least for valid salts. If it isn't there should at least be an explanation for that behaviour somewhere and possibly a workaround. Mind that the crypt() function is frequently used for validating passwords. The reason why it fails is that from php 5.3.0 there is a new portable re-implementation of crypt function which is used when any of supported crypt function is not found. Ondrej -- Ondřej Surý ond...@sury.org http://blog.rfc1925.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org