From:
Operating system: Mac, Linux
PHP version: 5.3.2
Package: *Encryption and hash functions
Bug Type: Bug
Bug description:crypt() result different between PHP 5.3.1 and PHP 5.3.2
Description:
------------
I use crypt() to store and validate passwords using the « Standard DES »
hash, and after upgrading to 5.3.2, the hashed password of an account is
not the same as the one generated with PHP 5.3.1 :
With PHP 5.3.1 :
$ php -r 'print crypt("anakeen", "A^")."\n";'
A^1ul2Jf7VS2M
After upgrading to PHP 5.3.2 :
$ php -r 'print crypt("anakeen", "A^")."\n";'
A^/ImZ5hqd2VU
I tested both on Mac (macports) and on Linux (rawhide), and the hash result
was different on both platform.
On Mac OS X (10.5), the Perl (or C) crypt gives me the same results as PHP
5.3.1 :
$ perl -e 'print crypt("anakeen", "A^")."\n";'
A^1ul2Jf7VS2M
While on Linux, the Perl script gives me the same result as PHP 5.3.2.
It appears that there is a difference in the crypt() function, between
these platforms, regarding the presence of non alpha-num chars in the salt
:
Mac OS X with "A-" salt = different hashes :
$ php -r 'print crypt("anakeen", "A-")."\n";'
A-75An91LCLEM
$ perl -e 'print crypt("anakeen", "A-")."\n"';
A-1ul2Jf7VS2M
Mac OS X with "A9" salt = same hashes :
$ perl -e 'print crypt("anakeen", "A9")."\n"';
A9Pf3.gAayQMM
$ php -r 'print crypt("anakeen", "A9")."\n";'
A9Pf3.gAayQMM
Maybe I should not have used non alpha-num chars for my salt in the first
place ?
--
Edit bug report at http://bugs.php.net/bug.php?id=51282&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=51282&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=51282&r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=51282&r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=51282&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=51282&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=51282&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=51282&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=51282&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=51282&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=51282&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=51282&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=51282&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=51282&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=51282&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=51282&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=51282&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=51282&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=51282&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=51282&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=51282&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=51282&r=mysqlcfg
