Edit report at https://bugs.php.net/bug.php?id=55439&edit=1

 ID:                 55439
 Updated by:         s...@php.net
 Reported by:        jo at feuersee dot de
 Summary:            crypt() returns only the salt for MD5
 Status:             Assigned
 Type:               Bug
 Package:            *Encryption and hash functions
 Operating System:   Linux
 PHP Version:        5.3.7RC5
 Assigned To:        stas
 Block user comment: N
 Private report:     N

 New Comment:

Confirming, some very recent update broke it - right now unit tests fail on 
SVN. I wonder if nobody ran it before release?


Previous Comments:
------------------------------------------------------------------------
[2011-08-19 21:32:01] jo at feuersee dot de

Uhm ok the PHP code wasn't correct but I think you get the point:
If crypt() only stores the salt then crypt($pw, $salt) will return the salt and 
comparing this to $pw is useless as the salt is a constant regardless of $pw.

------------------------------------------------------------------------
[2011-08-19 21:16:03] jo at feuersee dot de

Verified for PHP5.3.7 
> php -v
PHP 5.3.7 (cli) 

> php -r 'printf("%s\n", crypt("password"));'
$1$p4uaO1jN

Note that only the salt is returned.

AFAIK MD5 is the default encryption type.

The big problem is that if an application stores these hashes in a database and 
uses them for authentication, the problem with this bug is that 
$valid = crypt($pw, $crypt);
will always be TRUE regardless of $pw

We do have a serious problem here. I suggest recalling 5.3.7 and going for a 
5.3.7pl1

------------------------------------------------------------------------
[2011-08-19 11:15:37] paj...@php.net

stas, could you look at this issue please? It could be related to our latest 
changes there.

------------------------------------------------------------------------
[2011-08-19 11:03:37] tomp at tomp dot co dot uk

Hi,

We have also experienced this problem with the official release of PHP 5.3.7.

------------------------------------------------------------------------
[2011-08-19 10:12:40] noel dot butler at ausics dot net

This is a confirmed bug in stable release 5.3.7

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=55439


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55439&edit=1
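
An added example, not part of the bug report or of PHP's own code: a startup self-test and a fail-closed verifier that reject the salt-only crypt() output shown in the comments above. The function names and the test salt are constructed for illustration, and hash_equals() assumes PHP 5.6 or later.

```php
<?php
// Added example; the function names below are hypothetical.

// A complete MD5-crypt string is "$1$" + 1-8 salt chars + "$" + 22 digest chars.
const MD5_CRYPT_RE = '#^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}\z#';

function is_complete_md5_crypt($hash)
{
    return is_string($hash) && preg_match(MD5_CRYPT_RE, $hash) === 1;
}

// Startup self-test: detect a build whose crypt() drops the digest.
function crypt_md5_is_sane()
{
    $salt = '$1$abcdefgh$';            // constructed test salt
    $a = crypt('first-password', $salt);
    $b = crypt('second-password', $salt);
    return is_complete_md5_crypt($a)
        && is_complete_md5_crypt($b)
        && $a !== $b;                  // the digest must depend on the password
}

// Verification that fails closed on a salt-only stored value or result.
function verify_password($password, $stored)
{
    if (!is_complete_md5_crypt($stored)) {
        return false;                  // rejects values shaped like "$1$p4uaO1jN"
    }
    $computed = crypt($password, $stored);
    return is_complete_md5_crypt($computed) && hash_equals($stored, $computed);
}

if (!crypt_md5_is_sane()) {
    fwrite(STDERR, "crypt() MD5 output is malformed; refusing to handle passwords\n");
    exit(1);
}

// The salt-only string from the report is not a complete hash.
var_dump(is_complete_md5_crypt('$1$p4uaO1jN'));

// Round trip with a constructed password and salt.
$stored = crypt('password', '$1$abcdefgh$');
var_dump(verify_password('password', $stored));
var_dump(verify_password('wrong', $stored));
```

Values already stored while the affected build was running contain no digest and cannot be verified against any password; the verifier above rejects them, so those accounts need a password reset.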
