Edit report at https://bugs.php.net/bug.php?id=55439&edit=1

 ID:                 55439
 Updated by:         s...@php.net
 Reported by:        jo at feuersee dot de
 Summary:            crypt() returns only the salt for MD5
 Status:             Assigned
 Type:               Bug
 Package:            *Encryption and hash functions
 Operating System:   Linux
 PHP Version:        5.3.7RC5
 Assigned To:        stas
 Block user comment: N
 Private report:     N

 New Comment:

Confirming, some very recent update broke it - right now unit tests fail on SVN. I wonder if nobody ran it before release?


Previous Comments:
------------------------------------------------------------------------
[2011-08-19 21:32:01] jo at feuersee dot de

Uhm ok the PHP code wasn't correct but I think you get the point: If crypt() only stores the salt then crypt($pw, $salt) will return the salt and comparing this to $pw is useless as the salt is a constant regardless of $pw.

------------------------------------------------------------------------
[2011-08-19 21:16:03] jo at feuersee dot de

Verified for PHP 5.3.7

> php -v
PHP 5.3.7 (cli)

> php -r 'printf("%s\n", crypt("password"));'
$1$p4uaO1jN

Note that only the salt is returned. AFAIK MD5 is the default encryption type.

The big problem is that if an application stores these hashes in a database and uses them for authentication, the problem with this bug is that

$valid = crypt($pw, $crypt);

will always be TRUE regardless of $pw.

We do have a serious problem here. I suggest recalling 5.3.7 and going for a 5.3.7pl1.

------------------------------------------------------------------------
[2011-08-19 11:15:37] paj...@php.net

stas, could you look at this issue please? It could be related to our latest changes there.

------------------------------------------------------------------------
[2011-08-19 11:03:37] tomp at tomp dot co dot uk

Hi,

We have also experienced this problem with the official release of PHP 5.3.7.

------------------------------------------------------------------------
[2011-08-19 10:12:40] noel dot butler at ausics dot net

This is a confirmed bug in stable release 5.3.7.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=55439


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55439&edit=1
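The failure the reporters describe (crypt($pw, $stored) returning the bare salt, so the comparison passes for any $pw) can be caught before it reaches a login path. The following is an added example, not code from the bug report or from PHP's own test suite; it assumes the PHP CLI, uses the standard MD5-crypt layout ("$1$", 8-character salt, "$", 22 hash characters) and the salt value quoted in the report, and the function names are ours.

```php
<?php
// Added example: detect a crypt() build whose MD5 mode returns only the salt,
// and verify passwords in a way that refuses salt-only stored values.

// Returns true when crypt()'s MD5 mode behaves, false when it shows the
// symptom from this report. Run it at startup or in a test suite.
function crypt_md5_is_sane()
{
    // Constructed, fixed salt (the one from the report) so the check is deterministic.
    $salt = '$1$p4uaO1jN$';
    $good = crypt('password', $salt);
    $bad  = crypt('wrong-password', $salt);

    // A complete MD5-crypt string is "$1$" + 8 salt chars + "$" + 22 hash chars = 34.
    // The broken build hands back little more than the salt itself.
    if (strlen($good) !== 34 || strlen($bad) !== 34) {
        return false;
    }
    // Two different passwords under one salt must never yield the same string.
    if ($good === $bad) {
        return false;
    }
    // The usual verification idiom must accept the right password and reject a wrong one.
    return crypt('password', $good) === $good
        && crypt('wrong-password', $good) !== $good;
}

// Defensive verifier for MD5-crypt hashes: rejects salt-only values (what this bug
// would have written into a database) and compares in constant time.
function verify_md5_crypt($password, $stored)
{
    if (strncmp($stored, '$1$', 3) !== 0 || strlen($stored) !== 34) {
        return false; // not a complete MD5-crypt hash; never accept it
    }
    $computed = crypt($password, $stored);
    if (strlen($computed) !== strlen($stored)) {
        return false;
    }
    // XOR-accumulate every byte instead of === so the comparison does not exit early.
    $diff = 0;
    for ($i = 0, $n = strlen($stored); $i < $n; $i++) {
        $diff |= ord($computed[$i]) ^ ord($stored[$i]);
    }
    return $diff === 0;
}

if (!crypt_md5_is_sane()) {
    fwrite(STDERR, "crypt() MD5 mode is broken on this PHP build; refusing to start\n");
    exit(1);
}
```

On an affected 5.3.7 build crypt_md5_is_sane() fails the length check, and verify_md5_crypt() returns false for any stored value that is only a salt, so a corrupted hash column cannot be used to log in.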