Edit report at https://bugs.php.net/bug.php?id=55717&edit=1
ID: 55717 User updated by: gelliott000 at yahoo dot ca Reported by: gelliott000 at yahoo dot ca Summary: Crypt returns "*0" instead of hashed string. Status: Bogus Type: Bug Package: *Encryption and hash functions Operating System: FreeBSD 7.2 PHP Version: 5.3.8 Block user comment: N Private report: N New Comment: I'm sorry to be persistent, but I don't think that this is a problem with the salt length. To demonstrate, I have run crypt on several platforms with several versions of PHP. I ran crypt with the same string, but a different salt that varied by just one character: 1st case: crypt("veronica", "aQ"); 2nd case: crypt("veronica", "_Q"); The first case produces the same hashed string in all versions and platforms. The second cases produces a proper hashed string with the 5.1 and 5.2 variants, but not so with most of the 5.3 variants. Results for 1st case [crypt("veronica", "aQ")]: PHP 5.1.6 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk. PHP 5.2.17 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk. PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli) / Linux : aQW/7xmAl9Wk. PHP 5.3.0 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk. PHP 5.3.4 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk. PHP 5.3.6 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk. PHP 5.3.8 (cli) / Ubuntu Linux (2.6.32): aQW/7xmAl9Wk. PHP 5.3.8 with Suhosin-Patch (cli) / FreeBSD 7.2 : aQW/7xmAl9Wk. Results for the 2nd case [crypt("veronica", "_Q")]: PHP 5.1.6 (cli) / RHEL Linux 2.6.18: _Q9SLgD4qEEgM PHP 5.2.17 (cli) / RHEL Linux 2.6.18: _Q9SLgD4qEEgM PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli) / Linux : _Q9SLgD4qEEgM PHP 5.3.0 (cli) / RHEL Linux 2.6.18: _Q$$$$$$$qK1ZM2vrJkU PHP 5.3.4 (cli) / RHEL Linux 2.6.18: *0 PHP 5.3.6 (cli) / RHEL Linux 2.6.18: *0 PHP 5.3.7 with Suhosin-Patch (cli) / FreeBSD 7.2 : *0 PHP 5.3.8 (cli) / Ubuntu Linux (2.6.32): *0 PHP 5.3.8 with Suhosin-Patch (cli) / FreeBSD 7.2 : *0 Previous Comments: ------------------------------------------------------------------------ [2011-09-17 19:46:27] paj...@php.net ah, sorry, I misread the *0 part. Please see the documentation (salt length, return value on failure). ------------------------------------------------------------------------ [2011-09-17 19:34:11] gelliott000 at yahoo dot ca I have been able to reproduce the bug under Ubuntu Linux (2.6.32) and a clean 5.3.8 release download: PHP 5.3.8 (cli) (built: Sep 17 2011 14:59:12) ------------------------------------------------------------------------ [2011-09-17 18:30:25] paj...@php.net Please try using a plain PHP fetched either from our svn or from a release download. ------------------------------------------------------------------------ [2011-09-17 18:15:37] gelliott000 at yahoo dot ca Description: ------------ PHP 5.3.8 with Suhosin-Patch (cli) (built: Sep 12 2011 10:57:59) Using the crypt() function with string "veronica" and salt "_Q" returns an unexpected string: "*0". Was expecting a proper hashed string beginning with the salt string to be returned. Test script: --------------- <?php echo crypt("veronica","_Q"); ?> Expected result: ---------------- A hashed string beginning with the salt string to be returned. Actual result: -------------- The string "*0" is returned. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=55717&edit=1