Edit report at https://bugs.php.net/bug.php?id=64745&edit=1
ID: 64745 Updated by: ircmax...@php.net Reported by: ezzatron at gmail dot com Summary: hash_pbkdf2() truncates data when using default length and hex output -Status: Assigned +Status: Closed Type: Bug Package: hash related PHP Version: 5.5.0beta4 Assigned To: ircmaxell Block user comment: N Private report: N New Comment: Automatic comment on behalf of ircmax...@gmail.com Revision: http://git.php.net/?p=php-src.git;a=commit;h=540a5a52e89fce6da19d6f79dd1eda587a25b396 Log: Fix #64745 hash_pbkdf2 truncation issue Previous Comments: ------------------------------------------------------------------------ [2013-05-15 13:06:14] ircmax...@php.net Ahh, very interesting find. Will confirm, write a test case, and push a fix for it later today. Thanks for the report! ------------------------------------------------------------------------ [2013-05-01 00:18:45] ezzatron at gmail dot com Description: ------------ When passing 0 as the length to hash_pbkdf2(), the behaviour is inconsistent between raw output and hex-encoded output. See the test script for a concrete example. There are also no tests for the use case where length is defaulted in the current test suite (http://bit.ly/YcgMMu). I'm attempting to write a compatibility library for this function for PHP versions earlier that 5.5, so the test suite for https://github.com/eloquent/pbkdf2-compat and its build history in Travis CI may also be useful, as it documents the current behaviour more extensively. Test script: --------------- <?php $hash = hash_pbkdf2('sha1', 'password', 'salt', 1, 0); $rawHash = hash_pbkdf2('sha1', 'password', 'salt', 1, 0, true); var_dump($hash); var_dump(bin2hex($rawHash)); Expected result: ---------------- string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6" string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6" Actual result: -------------- string(20) "0c60c80f961f0e71f3a9" string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6" ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64745&edit=1