From:             pwormer at science dot ru dot nl
Operating system: windows/linux
PHP version:      5.4.11
Package:          hash related
Bug Type:         Bug
Bug description:  sha256 hashes "#", "&", and "+" incorrectly.

Description:
------------
The JavaScript functions at:
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha256.js
and
http://www.movable-type.co.uk/scripts/sha256.html
give the same hash for any password of any length consisting of ASCII 32
through 128. Almost always the hash is the same as obtained from PHP:
hash("sha256", $pswd). Exceptions (bugs?) are passwords containing one or
more of the three characters: "#" (number sign), "&" (ampersand), or "+"
(plus sign). Tested with XAMPP (PHP 5.4.7), Firefox and Chrome and Linux
server.

Test script:
---------------
See http://www.theochem.ru.nl/~pwormer/sha256bug.php
This URL calls SHA256.php which contains the following four lines

<?php
$pswd = $_GET["pswd"];
echo hash("sha256", $pswd);
?>

Expected result:
----------------
I expect JavaScript and PHP to give the same SHA-256 hashes.

Actual result:
--------------
Hash of # (single character):
JS:  334359b90efed75da5f0ada1d5e6b256f4a6bd0aee7eb39c0f90182a021ffc8b
PHP: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

--
Edit bug report at https://bugs.php.net/bug.php?id=64211&edit=1
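
The PHP value reported above for "#" is the SHA-256 of the empty string. The sketch below is an added example, not code from the report or from PHP: it uses Node's URL parser as a stand-in for the browser plus PHP's $_GET parsing to show what value of pswd arrives when the password is appended to the query string unencoded, and what arrives after encodeURIComponent. The endpoint host and the helper names are assumptions.

```javascript
// Added example: what the server receives for ?pswd=<password>, raw vs encoded.
const { createHash } = require("node:crypto");

const sha256 = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Hypothetical endpoint (constructed); only the query-string handling matters.
const ENDPOINT = "http://example.test/SHA256.php";

// Value of "pswd" on the server when the raw password is concatenated.
// "#" starts the fragment (never sent), "&" ends the parameter,
// and "+" is decoded as a space by form-style query parsing.
function receivedRaw(pswd) {
  const url = new URL(ENDPOINT + "?pswd=" + pswd);
  return url.searchParams.get("pswd") ?? "";
}

// Value of "pswd" on the server when the password is percent-encoded first.
function receivedEncoded(pswd) {
  const url = new URL(ENDPOINT + "?pswd=" + encodeURIComponent(pswd));
  return url.searchParams.get("pswd") ?? "";
}

// Client-side hash next to the hash of whatever reached the server.
function compare(pswd) {
  return {
    pswd,
    client: sha256(pswd),
    serverRaw: sha256(receivedRaw(pswd)),
    serverEncoded: sha256(receivedEncoded(pswd)),
  };
}

// Constructed sample passwords covering the three characters from the report.
for (const p of ["abc", "#", "a&b", "a+b"]) {
  const r = compare(p);
  console.log(JSON.stringify(p),
    "raw match:", r.client === r.serverRaw,
    "encoded match:", r.client === r.serverEncoded);
}
```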