Bug #61307 [Nab]: hash-tiger generates a different value between 5.3/5.4

Thu, 08 Mar 2012 09:27:07 -0800 

Edit report at https://bugs.php.net/bug.php?id=61307&edit=1

 ID:                 61307
 Updated by:         m...@php.net
 Reported by:        andres at phalconphp dot com
 Summary:            hash-tiger generates a different value between
                     5.3/5.4
 Status:             Not a bug
 Type:               Bug
 Package:            hash related
 Operating System:   Irrelevant
 PHP Version:        5.4.0
 Block user comment: N
 Private report:     N

 New Comment:

Sorry folks, here's a one-liner to re-create pre-PHP-5.4 hashes:

implode("", array_map("bin2hex", array_map("strrev", 
str_split(hash("tiger192,3", $input, true), 8))));

Truncate the result to the length you need (128,160,192 bits).  Make sure every 
array value is 16 hex digits long or else lpad it with literal 0s.

If you used 192 bit tiger, you can use the following one-liner to create 
correct 
hashes from the wrong ones:

implode("", array_map("bin2hex", array_map("strrev", array_map("hex2bin", 
str_split($wronghash,16)))));


Previous Comments:
------------------------------------------------------------------------
[2012-03-07 19:40:33] me at ktamura dot com

Thanks mike. I should have read the commit message first. Sorry for the false 
allegation.

------------------------------------------------------------------------
[2012-03-07 18:15:40] ras...@php.net

Yeah, I think we need to come up with a way to support both or else it leaves 
people without an easy way to fix those hashes. Technically I guess you can 
reconstruct it from the raw by flipping the bytes, but that is rather error-
prone.

------------------------------------------------------------------------
[2012-03-07 16:22:17] andres at phalconphp dot com

This is quite unfortunate, We have thousand of passwords stored in the wrong 
hash order. It looks like we have to keep PHP 5.3 for a long time.

------------------------------------------------------------------------
[2012-03-07 10:55:03] m...@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

See changelog in documentation.

------------------------------------------------------------------------
[2012-03-06 23:58:10] me at ktamura dot com

This is a bug in ext/hash/hash_tiger.c It looks like there was a mistake during 
refactoring. I am attaching a patch.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=61307


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61307&edit=1

Reply via email to