#41202 [Com]: crypt function returns different hashes in PHP4/PHP5

Thu, 26 Apr 2007 07:57:27 -0700 

 ID:               41202
 Comment by:       daveyfelton at hotmail dot com
 Reported By:      nickmc33 at hotmail dot com
 Status:           Open
 Bug Type:         *Encryption and hash functions
 Operating System: Windows Server 2003 x64 Edition
 PHP Version:      5.2.1
 New Comment:

Why on earth has this bug been marked as bogus!? Of course it's a bug!
This is going to cause us so many problems when we upgrade from PHP 4 to
5, becuase all the user passwords we have stored with one way encryption
based on crypt won't work anymore!


Previous Comments:
------------------------------------------------------------------------

[2007-04-26 14:56:06] nickmc33 at hotmail dot com

Reopened for comment.

------------------------------------------------------------------------

[2007-04-26 14:55:28] nickmc33 at hotmail dot com

Bogus? I'd imagine that this bug still exists in the latest version of
PHP4 as there's no mention of a fix in subsequent updates. The bugged
version of PHP that we're runnign isn't really that old (4.4.4). We're
going to have to be careful when upgrading now.

------------------------------------------------------------------------

[2007-04-26 14:38:28] [EMAIL PROTECTED]

PHP5.2 on windows returns the same result as on PHP5 & PHP4 on Linux.
So there was a problem in PHP4 on windows which eventually got fixed.

------------------------------------------------------------------------

[2007-04-26 13:53:04] nickmc33 at hotmail dot com

Test results:

PHP4:

x_JPQON7N9.Ls
xxj31ZMTZzkVA

PHP5:

x_961N.JoN.jw
xxj31ZMTZzkVA

------------------------------------------------------------------------

[2007-04-26 13:46:15] nickmc33 at hotmail dot com

Description:
------------
I'm finding that the crypt function produces different hashes on PHP4
and PHP5 systems when the second character of the salt is an
underscore.







Reproduce code:
---------------
<?php
print crypt("password","x_")."<br />";
print crypt("password","xx");
?>

Expected result:
----------------
The hashes generated should always be the same.

Actual result:
--------------
Using the test code above the first hash will be different when ran
using PHP 5.2.1 and PHP 4.4.4, but the second hash will always be the
same.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=41202&edit=1

Reply via email to