ID: 50334 User updated by: hanno at hboeck dot de Reported By: hanno at hboeck dot de -Status: Feedback +Status: Open Bug Type: *Encryption and hash functions Operating System: Linux PHP Version: 5.3.1 Assigned To: pajoye New Comment:
I'm using Gentoo Linux. It has no "official" php 5.3 package, I'm using a modified own ebuild/eclass (to allow parallel installation of 5.2/5.3), if that matters you can grab it here: https://svn.schokokeks.org/repos/overlay/trunk/ Previous Comments: ------------------------------------------------------------------------ [2009-11-30 14:33:56] [email protected] Still need the answer to my question. ------------------------------------------------------------------------ [2009-11-30 14:31:46] [email protected] Pierre, this is caused by bad idea of requiring ALL of blowfish, des, ext des and md5. You should provide the fallback only for those that aren't found. ------------------------------------------------------------------------ [2009-11-30 14:29:38] [email protected] Assigned to Pierre who broke this. ------------------------------------------------------------------------ [2009-11-30 14:18:10] [email protected] Which linux distribution do you use exactly (name, version)? ------------------------------------------------------------------------ [2009-11-30 12:48:33] hanno at hboeck dot de Description: ------------ PHP has the crypt()-function which can create salted-hashes (e.g. usable for shadow-passwords). Although it's not documented, in PHP 5.2 it was possible to pass the prefix for sha512 like in the corresponding glibc-function. Example: echo crypt('foo','$6$$bar$'); gives $6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu. Now the same code in PHP 5.3.1 gives $6A86JNndVTdM (which is basically just crypt ignoring the $6-prefix for the salt) I assume may have something to do with (cited from crypt-documentation): "Note: As of PHP 5.3.0, PHP contains its own implementation and will use that if the system lacks of support for one or more of the algorithms. " Reproduce code: --------------- echo crypt('foo','$6$$bar$'); Expected result: ---------------- $6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu. Actual result: -------------- $6A86JNndVTdM ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=50334&edit=1
