From: anj at aps dot anl dot gov
Operating system: Solaris 8
PHP version: 4.3.1
PHP Bug Type: *Encryption and hash functions
Bug description: Autogenerated crypt salt is not random
Ever since we upgraded to from PHP 4.1.2 to 4.3.1 (we're using Sun's
iPlanet server and the nsapi BTW), the autogenerated crypt salt being
returned by new accounts in our password-protected area has been "..".
Using this test script:
<html><body>
<?php echo crypt("1234567890"); ?>
</body></html>
I find that although not always the case, very often (and especially if I
wait for some time before reloading) the result returned from the above is
..EXlUiP8mHCU.
I have inserted a workaround to my PHP code now, and as I don't build PHP
here it would be tricky for me to test any fix, but I thought the
developers ought to know about this.
--
Edit bug report at http://bugs.php.net/?id=22806&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=22806&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=22806&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=22806&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=22806&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=22806&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=22806&r=support
Expected behavior: http://bugs.php.net/fix.php?id=22806&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=22806&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=22806&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=22806&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=22806&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=22806&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=22806&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=22806&r=gnused
