Edit report at http://bugs.php.net/bug.php?id=54721&edit=1
ID: 54721 Updated by: paj...@php.net Reported by: os at irj dot ru Summary: crypt function -Status: Feedback +Status: Closed Type: Bug Package: *Encryption and hash functions Operating System: Windows 7 x64 PHP Version: 5.3.6 Assigned To: pajoye Block user comment: N Private report: N New Comment: Fixed in all active branches and trunk. Previous Comments: ------------------------------------------------------------------------ [2011-05-24 15:48:06] paj...@php.net Automatic comment from SVN on behalf of pajoye Revision: http://svn.php.net/viewvc/?view=revision&revision=311390 Log: - Fix #54721, different Hashes on Windows, BSD and Linux on wrong Salt size ------------------------------------------------------------------------ [2011-05-22 19:22:51] paj...@php.net oh my bad, used the wrong bins. Here are the results with the patch on windows, seems to match now: $1$dW0.is5.$I0iqTYHPzkP4YnRgnXxZW0 $1$dW0.is5.$KaspRpPQ9U7Xb5Vv5c.WE/ $1$dW0.is5.$X9G1x/Ep8zYQSrU4/lKUg. $1$dW0.is5.$wE5Rz/HxPtDMfqil6kK980 $1$dW0.is5.$2E4/ZDY1vr73HqLl1bLs9. $1$dW0.is5.$lvGhphTQwqgKxWhWwYERr1 $1$dW0.is5.$XzsWcLSBj2BvhOKH0xdpZ0 ------------------------------------------------------------------------ [2011-05-22 18:40:51] fel...@php.net On Linux (Debian): $1$dW0.is5.$I0iqTYHPzkP4YnRgnXxZW0 $1$dW0.is5.$KaspRpPQ9U7Xb5Vv5c.WE/ $1$dW0.is5.$X9G1x/Ep8zYQSrU4/lKUg. $1$dW0.is5.$wE5Rz/HxPtDMfqil6kK980 $1$dW0.is5.$2E4/ZDY1vr73HqLl1bLs9. $1$dW0.is5.$lvGhphTQwqgKxWhWwYERr1 $1$dW0.is5.$XzsWcLSBj2BvhOKH0xdpZ0 ------------------------------------------------------------------------ [2011-05-22 18:29:44] paj...@php.net On FreeBSD I got (which uses system's crypt): <?php echo crypt("dev", '$1$dW0.is5.$10CH101gGOr1677ZYd517.'); ?> .ionEGu/npGjI With the proposed fix, I got on windows (which is what this bug is about): $1$dW0.is5.$Jay703TqfAIolX2oUKG7u1 Which is not what the initial report says, it expects: $1$dW0.is5.$10CH101gGOr1677ZYd517. And using the tests provided privately: <?php echo crypt("", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n"; echo crypt("b", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n"; echo crypt("bu", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n"; echo crypt("bug", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n"; echo crypt("pass", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n"; echo crypt("buged", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n"; echo crypt("aaaaaaaaaaaaaaaaaaaaaaaaa ", '$1$dW0.is5.$10CH101gGOr1677ZYd517.') . "\n"; ?> Windows (with patch): $1$dW0.is5.$I0iqTYHPzkP4YnRgnXxZW0 $1$dW0.is5.$geEFTh1pYyBlKNV7Jd0jJ0 $1$dW0.is5.$J9qpZsnaE3ddwR9CfXJq71 $1$dW0.is5.$5tcolHQsY5Pxr8vn4rzdN/ $1$dW0.is5.$2E4/ZDY1vr73HqLl1bLs9. $1$dW0.is5.$lvGhphTQwqgKxWhWwYERr1 $1$dW0.is5.$XzsWcLSBj2BvhOKH0xdpZ0 FreeBSD: $1$dW0.is5.$I0iqTYHPzkP4YnRgnXxZW0 $1$dW0.is5.$KaspRpPQ9U7Xb5Vv5c.WE/ $1$dW0.is5.$X9G1x/Ep8zYQSrU4/lKUg. $1$dW0.is5.$wE5Rz/HxPtDMfqil6kK980 $1$dW0.is5.$2E4/ZDY1vr73HqLl1bLs9. $1$dW0.is5.$lvGhphTQwqgKxWhWwYERr1 $1$dW0.is5.$XzsWcLSBj2BvhOKH0xdpZ0 I don't think the patch or the initial report is correct and it somehow confirms my thoughts, len>16 is really implementation specific. Or did I miss something? ------------------------------------------------------------------------ [2011-05-21 20:11:26] tony2...@php.net Pierre, could you test the proposed fix, please? Thanks in advance. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=54721 -- Edit this bug report at http://bugs.php.net/bug.php?id=54721&edit=1