Bug #55439 [Asn]: crypt() returns only the salt for MD5

Fri, 19 Aug 2011 14:32:21 -0700 

Edit report at https://bugs.php.net/bug.php?id=55439&edit=1

 ID:                 55439
 User updated by:    jo at feuersee dot de
 Reported by:        jo at feuersee dot de
 Summary:            crypt() returns only the salt for MD5
 Status:             Assigned
 Type:               Bug
 Package:            *Encryption and hash functions
 Operating System:   Linux
 PHP Version:        5.3.7RC5
 Assigned To:        stas
 Block user comment: N
 Private report:     N

 New Comment:

Uhm ok the PHP code wasn't correct but I think you get the point:
If crypt() only stores the salt then crypt($pw, $salt) will return the salt and 
comparing this to $pw is useless as the salt is a constant regardless of $pw.


Previous Comments:
------------------------------------------------------------------------
[2011-08-19 21:16:03] jo at feuersee dot de

Verified for PHP5.3.7 
> php -v
PHP 5.3.7 (cli) 

> php -r 'printf("%s\n", crypt("password"));'
$1$p4uaO1jN

Note that only the salt is returned.

AFAIK MD5 is the default encryption type.

The big problem is that if an application stores this hashes in a database and 
uses them for authentication, the problem with this bug is that 
$valid = crypt($pw, $crypt);
will always be TRUE regardless of $pw

We do have a serious problem here. I suggest recalling 5.3.7 and go for a 
5.3.7pl1

------------------------------------------------------------------------
[2011-08-19 11:15:37] [email protected]

stas, could you look at this issue please? It could be related to our latest 
changes there.

------------------------------------------------------------------------
[2011-08-19 11:03:37] tomp at tomp dot co dot uk

Hi,

We have also experienced this problem with the official release of PHP 5.3.7.

------------------------------------------------------------------------
[2011-08-19 10:12:40] noel dot butler at ausics dot net

This is confirmed bug in stable release 5.3.7

------------------------------------------------------------------------
[2011-08-17 13:03:20] jo at feuersee dot de

Description:
------------
If crypt() is executed with MD5 salts, the return value conists of the salt 
only.
DES and BLOWFISH salts work as expected.

I tested with php from openSUSE PHP5 repository

> php -v
PHP 5.3.7RC6-dev (cli)
> rpm -q php5
php5-5.3.6.201108112132-94.1.x86_64

Test script:
---------------
printf("MD5: %s\n", crypt('password', '$1$U7AjYB.O$'));


Expected result:
----------------
MD5: $1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1

Actual result:
--------------
MD5: $1$U7AjYB.O


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55439&edit=1

Reply via email to