Edit report at https://bugs.php.net/bug.php?id=62488&edit=1
ID: 62488 Comment by: daniel at heath dot cc Reported by: smt837784 at yahoo dot com Summary: Invalid bcrypt hash Status: Open Type: Bug Package: *Encryption and hash functions Operating System: Fedora 16 (3.3.4-1.fc16.x86_64) PHP Version: 5.3.14 Block user comment: N Private report: N New Comment: Allowing these '$' characters without reporting any errors is confusing; these hashes cannot be decoded by any standard-compliant implementation of bcrypt. Previous Comments: ------------------------------------------------------------------------ [2012-07-06 03:06:17] smt837784 at yahoo dot com Description: ------------ If the salt is less than 128 bits (22 characters in base 64) it is padded with "$" instead of ".". Which is an invalid bcrypt hash. Test script: --------------- echo crypt('', '$2y$04$......................') . '<br>'; echo crypt('', '$2y$04$....') . '<br>'; echo crypt('', '$2y$04$....$$$$$$$$$$$$$$$$$.'); // keep backwards compatibility Expected result: ---------------- $2y$04$......................w74bL5gU7LSJClZClCa.Pkz14aTv/XO $2y$04$......................w74bL5gU7LSJClZClCa.Pkz14aTv/XO $2y$04$....$$$$$$$$$$$$$$$$$.w74bL5gU7LSJClZClCa.Pkz14aTv/XO Actual result: -------------- $2y$04$......................w74bL5gU7LSJClZClCa.Pkz14aTv/XO $2y$04$....$$$$$$$$$$$$$$$$$.w74bL5gU7LSJClZClCa.Pkz14aTv/XO $2y$04$....$$$$$$$$$$$$$$$$$.w74bL5gU7LSJClZClCa.Pkz14aTv/XO ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=62488&edit=1