ID: 50334
Updated by: [email protected]
Reported By: hanno at hboeck dot de
-Status: Open
+Status: Feedback
Bug Type: *Encryption and hash functions
Operating System: Linux
PHP Version: 5.3.1
-Assigned To:
+Assigned To: pajoye
New Comment:
Which linux distribution do you use exactly (name, version)?
Previous Comments:
------------------------------------------------------------------------
[2009-11-30 12:48:33] hanno at hboeck dot de
Description:
------------
PHP has the crypt()-function which can create salted-hashes (e.g.
usable for shadow-passwords). Although it's not documented, in PHP 5.2
it was possible to pass the prefix for sha512 like in the corresponding
glibc-function.
Example:
echo crypt('foo','$6$$bar$');
gives
$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu.
Now the same code in PHP 5.3.1 gives
$6A86JNndVTdM
(which is basically just crypt ignoring the $6-prefix for the salt)
I assume may have something to do with (cited from
crypt-documentation):
"Note: As of PHP 5.3.0, PHP contains its own implementation and will
use that if the system lacks of support for one or more of the
algorithms. "
Reproduce code:
---------------
echo crypt('foo','$6$$bar$');
Expected result:
----------------
$6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu.
Actual result:
--------------
$6A86JNndVTdM
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=50334&edit=1
