Edit report at https://bugs.php.net/bug.php?id=55477&edit=1
ID: 55477 Updated by: bj...@php.net Reported by: christian at pingdom dot com Summary: crypt() returns inconsistent hashes for non-ASCII characters -Status: Open +Status: Bogus Type: Bug Package: *Encryption and hash functions Operating System: Linux PHP Version: 5.3.7 Block user comment: N Private report: N New Comment: This is expected, see http://www.openwall.com/lists/announce/2011/06/21/1 You need to use $2x$ for non-ascii, sorry :( Previous Comments: ------------------------------------------------------------------------ [2011-08-22 12:47:41] christian at pingdom dot com Description: ------------ Hashes generated with crypt() (using Blowfish) on PHP 5.3.5 or 5.3.3 cannot be validated on 5.3.7, if the hashed strings contain non-ASCII characters. The reverse is also true, if the hashes were generated on 5.3.7, they cannot be validated on 5.3.3 or 5.3.5. Test script: --------------- $passwords = array( // these hashes were generated on PHP 5.3.5-1ubuntu7.2 with Suhosin-Patch (cli) (built: May 2 2011 23:00:17) 'brownfox' => '$2a$07$usesomesillystringforeD/hyr5e1bWX2PzwckMuCRNQMTrQNr72', 'Boxkämpfer' => '$2a$07$usesomesillystringfore36pVDWFz65CbxoLgSgVURqHWU4yEqye', 'ÑаÑÑлива' => '$2a$07$usesomesillystringforeoM7K1pyDjeAG1F42k34MP.tbiMnNcy.', 'Põdur' => '$2a$07$usesomesillystringfore1iPxMN9wh4Cr2oVR6nmdILWylX9D0iO', ); foreach ($passwords as $password => $hash) { $computedHash = crypt($password, $hash); if ($computedHash == $hash) { echo "hash OK\n"; } else { echo "hash FAIL ($hash != $computedHash)\n"; } } Expected result: ---------------- hash OK hash OK hash OK hash OK Actual result: -------------- hash OK hash FAIL ($2a$07$usesomesillystringfore36pVDWFz65CbxoLgSgVURqHWU4yEqye != $2a$07$usesomesillystringforeelZZJE6VQ2/DIcx1J.D.htZuAQIV43S) hash FAIL ($2a$07$usesomesillystringforeoM7K1pyDjeAG1F42k34MP.tbiMnNcy. != $2a$07$usesomesillystringforevg24bYcXKv2WUiCZvAH627ba6aubiNC) hash FAIL ($2a$07$usesomesillystringfore1iPxMN9wh4Cr2oVR6nmdILWylX9D0iO != $2a$07$usesomesillystringforeuqJNc6ZnvGzLGss/.ZcwQdygkbYamRq) ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=55477&edit=1