From:
Operating system: windows 7
PHP version: 5.3.2
Package: hash related
Bug Type: Bug
Bug description: crypt (md5) with same key and salt specified gives different output

Description:
------------
My understanding of the crypt() function is that it prepends the salt onto the resulting hash. Thereafter feeding the resulting hash as the salt argument to the crypt() function with the same original key should result in the same hash. We have used this extensively to encrypt/store and compare passwords for authentication purposes.

Thus the following code should result in "MATCH": (see example A below)

In any version I've tested of PHP on a linux platform as well as 5.2.11 on a windows platform I get "MATCH" -- this is correct. But on 5.3.0 or 5.3.1 or 5.3.2 on windows I get "NO MATCH".

(see Example B below)

On any PHP version on a linux platform or on any pre-PHP 5.3.0 version on windows I get all identical hashes - this is good (same key, same salt, should result in the same hash). But on any PHP 5.3.0 or later on windows I get all 4 being different (same first 12 characters).

I have verified that this bug occurs ON A WINDOWS PLATFORM (WAMPSERVER) in 5.3.0 and 5.3.1 and 5.3.2 but does not happen on 5.2.11.

I have verified that this bug does not occur on a linux platform running sample versions of 5.3.x.

I have verified that if I use a key of 4 or more characters the bug disappears. Thus if you replace "abc" with "abcd" in the above code everything works fine across the board. This bug only occurs with a key of 3 or fewer characters.

Why is this important? I'm using code similar to this to determine whether passwords stored as encrypted hash match the password users just entered -- if they use a short password (3 or less characters -- not wise, but in a low-security environment there's been no need to limit that) then moving to 5.3.x means they can no longer log in.

Test script:
---------------
Example A:
$foo = crypt("abc");
$bar = crypt("abc", $foo);
if ($foo == $bar)
    echo "MATCH";
else
    echo "NO MATCH";

Example B:
$hash0 = crypt('abc');
$hash2 = crypt('abc', $hash0);
$hash3 = crypt('abc', $hash2);
$hash4 = crypt('abc', $hash3);
echo "local config: <br>\nhash0=$hash0, <br>\nhash2=$hash2<br>\nhash3=$hash3<br>\nhash4=$hash4<br>\n";

Expected result:
----------------
Example A: Expect output of "MATCH"

Example B: Expect 4 identical hashes to be printed, like this (obtained from 5.2.11):
local config:
hash0=$1$xH3.mL5.$GVkUEah6QIRaB7lZXfBz7.,
hash2=$1$xH3.mL5.$GVkUEah6QIRaB7lZXfBz7.
hash3=$1$xH3.mL5.$GVkUEah6QIRaB7lZXfBz7.
hash4=$1$xH3.mL5.$GVkUEah6QIRaB7lZXfBz7.

Actual result:
--------------
Example A (on a windows machine running 5.3.x):
NO MATCH

Example B (on a windows machine running 5.3.x):
local config:
hash0=$1$ta2.y55.$BYwQQt5ybMoX9I6Yqa5gX1,
hash2=$1$ta2.y55.$ngRiBNwmsuMxW.9B7OTB3/
hash3=$1$ta2.y55.$D4w8u73CH0ljNiwgqkX9p0
hash4=$1$ta2.y55.$ytnCYJ3ZKie4Fkei4SBmu.

-- 
Edit bug report at http://bugs.php.net/bug.php?id=51996&edit=1
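
A regression check for the behaviour reported above, added here as an example (it is not code from the report or from PHP itself). It re-hashes constructed keys of 1 to 8 characters using the stored hash as the salt, and also checks the 'abc' hash the report lists for 5.2.11; the function names same_hash() and unstable_key_lengths() are hypothetical.

```php
<?php
// Constant-time comparison. hash_equals() exists from PHP 5.6, so fall back
// to a manual XOR loop on older builds such as the 5.3.x ones in the report.
function same_hash($a, $b) {
    if (function_exists('hash_equals')) {
        return hash_equals($a, $b);
    }
    if (strlen($a) !== strlen($b)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($a); $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

// Returns the key lengths (1..$maxLen) for which crypt($key, $stored) fails
// to reproduce $stored, i.e. lengths at which a login check would break.
function unstable_key_lengths($salt, $maxLen = 8, $rounds = 3) {
    $bad = array();
    for ($len = 1; $len <= $maxLen; $len++) {
        $key    = substr('abcdefghijklmnop', 0, $len); // constructed sample key
        $stored = crypt($key, $salt);
        for ($r = 0; $r < $rounds; $r++) {
            if (!same_hash($stored, crypt($key, $stored))) {
                $bad[] = $len;
                break;
            }
        }
    }
    return $bad;
}

// Single quotes throughout so "$1" is not treated as a variable.
$salt = '$1$xH3.mL5.$';                       // MD5-crypt salt from the report
$kat  = '$1$xH3.mL5.$GVkUEah6QIRaB7lZXfBz7.'; // report's 5.2.11 hash for 'abc'

$katOk = same_hash($kat, crypt('abc', $kat)); // known-answer check
$bad   = unstable_key_lengths($salt);

echo 'known-answer check: ', ($katOk ? 'pass' : 'FAIL'), "\n";
echo 'unstable key lengths: ', ($bad ? implode(',', $bad) : 'none'), "\n";
exit(($katOk && !$bad) ? 0 : 1);
```

The script exits non-zero if either check fails, so it can gate a PHP upgrade before stored password hashes are verified against the new build.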