Edit report at http://bugs.php.net/bug.php?id=51282&edit=1
ID: 51282
Updated by: j...@php.net
Reported by: jerome dot auge at anakeen dot com
Summary: crypt() result different between PHP 5.3.1 and PHP
5.3.2
-Status: Open
+Status: Assigned
-Type: Bug
+Type: Documentation Problem
Package: *Encryption and hash functions
Operating System: Mac, Linux
PHP Version: 5.3.2
-Assigned To:
+Assigned To: joey
Previous Comments:
------------------------------------------------------------------------
[2010-03-12 10:54:22] jerome dot auge at anakeen dot com
Description:
------------
I use crypt() to store and validate passwords using the « Standard DES
» hash, and after upgrading to 5.3.2, the hashed password of an account
is not the same as the one generated with PHP 5.3.1 :
With PHP 5.3.1 :
$ php -r 'print crypt("anakeen", "A^")."\n";'
A^1ul2Jf7VS2M
After upgrading to PHP 5.3.2 :
$ php -r 'print crypt("anakeen", "A^")."\n";'
A^/ImZ5hqd2VU
I tested both on Mac (macports) and on Linux (rawhide), and the hash
result was different on both platform.
On Mac OS X (10.5), the Perl (or C) crypt gives me the same results as
PHP 5.3.1 :
$ perl -e 'print crypt("anakeen", "A^")."\n";'
A^1ul2Jf7VS2M
While on Linux, the Perl script gives me the same result as PHP 5.3.2.
It appears that there is a difference in the crypt() function, between
these platforms, regarding the presence of non alpha-num chars in the
salt :
Mac OS X with "A-" salt = different hashes :
$ php -r 'print crypt("anakeen", "A-")."\n";'
A-75An91LCLEM
$ perl -e 'print crypt("anakeen", "A-")."\n"';
A-1ul2Jf7VS2M
Mac OS X with "A9" salt = same hashes :
$ perl -e 'print crypt("anakeen", "A9")."\n"';
A9Pf3.gAayQMM
$ php -r 'print crypt("anakeen", "A9")."\n";'
A9Pf3.gAayQMM
Maybe I should not have used non alpha-num chars for my salt in the
first place ?
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=51282&edit=1
