Edit report at http://bugs.php.net/bug.php?id=51282&edit=1
ID: 51282 Updated by: j...@php.net Reported by: jerome dot auge at anakeen dot com Summary: crypt() result different between PHP 5.3.1 and PHP 5.3.2 -Status: Open +Status: Assigned -Type: Bug +Type: Documentation Problem Package: *Encryption and hash functions Operating System: Mac, Linux PHP Version: 5.3.2 -Assigned To: +Assigned To: joey Previous Comments: ------------------------------------------------------------------------ [2010-03-12 10:54:22] jerome dot auge at anakeen dot com Description: ------------ I use crypt() to store and validate passwords using the « Standard DES » hash, and after upgrading to 5.3.2, the hashed password of an account is not the same as the one generated with PHP 5.3.1 : With PHP 5.3.1 : $ php -r 'print crypt("anakeen", "A^")."\n";' A^1ul2Jf7VS2M After upgrading to PHP 5.3.2 : $ php -r 'print crypt("anakeen", "A^")."\n";' A^/ImZ5hqd2VU I tested both on Mac (macports) and on Linux (rawhide), and the hash result was different on both platform. On Mac OS X (10.5), the Perl (or C) crypt gives me the same results as PHP 5.3.1 : $ perl -e 'print crypt("anakeen", "A^")."\n";' A^1ul2Jf7VS2M While on Linux, the Perl script gives me the same result as PHP 5.3.2. It appears that there is a difference in the crypt() function, between these platforms, regarding the presence of non alpha-num chars in the salt : Mac OS X with "A-" salt = different hashes : $ php -r 'print crypt("anakeen", "A-")."\n";' A-75An91LCLEM $ perl -e 'print crypt("anakeen", "A-")."\n"'; A-1ul2Jf7VS2M Mac OS X with "A9" salt = same hashes : $ perl -e 'print crypt("anakeen", "A9")."\n"'; A9Pf3.gAayQMM $ php -r 'print crypt("anakeen", "A9")."\n";' A9Pf3.gAayQMM Maybe I should not have used non alpha-num chars for my salt in the first place ? ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=51282&edit=1