#50052 [Com]: Crypt - Different Hashes on Windows and Linux on wrong Salt size
ID: 50052
Comment by: otaviodiniz at gmail dot com
Reported By: otaviodiniz at gmail dot com
Status: Feedback
Bug Type: Scripting Engine problem
Operating System: Windows 7
PHP Version: 5.3.0
New Comment:
As you can see the output are different in 5.2 and 5.3 near 0$or 01or.
Previous Comments:
[2009-11-02 09:59:54] paj...@php.net
Forgot to copy 5.3 output as well:
g:\php-sdk\php53\vc9\x86\php53..\obj\Debug\php.exe ..\50052.php
Salt: $1$f+uslYF01$
Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY.
[2009-11-02 09:46:31] paj...@php.net
Cannot reproduce:
g:\php-sdk\php53\vc9\x8\php53\test\php52ntssnap\php.exe ..\50052.php
Salt: $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.
Please try using VC9-x86 binaries, http://windows.php.net/snapshots/
[2009-11-02 02:39:32] otaviodiniz at gmail dot com
Description:
The behave of Crypt function on Windows and Linux boxes are different.
In the sample function we create a Salt with length of 12 characters.
First, the Salt size is incorrect, if i remove one character the Salt,
the result will be correct.
But with the wrong Salt size the behavior are different:
On Windows - The output is incorrect, as it shows the whole Salt
without the terminator $...
On Linux - PHP strips one character of Salt into it's correct expected
size, outputing correctly with the terminator $...
Reproduce code:
---
md5crypt(test);
function md5crypt($password)
{
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
.'abcdefghijklmnopqrstuvwxyz0123456789+/';
$salt='$1$';
for($i=0; $i9; $i++)
{
$salt.=$base64_alphabet[rand(0,63)];
}
$salt.='$';
echo pre;
echo Salt: .$salt.br /\r\n;
echo Output: .crypt($password,$salt);
echo /pre;
}
Expected result:
Salt: $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.
//Linux
Actual result:
--
Salt: $1$XcPmtBmRG$
Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0
//Windows
--
Edit this bug report at http://bugs.php.net/?id=50052edit=1
#50052 [NEW]: Crypt - Different Hashes on Windows and Linux on wrong Salt size
From: otaviodiniz at gmail dot com
Operating system: Windows 7
PHP version: 5.3.0
PHP Bug Type: Scripting Engine problem
Bug description: Crypt - Different Hashes on Windows and Linux on wrong Salt
size
Description:
The behave of Crypt function on Windows and Linux boxes are different.
In the sample function we create a Salt with length of 12 characters.
First, the Salt size is incorrect, if i remove one character the Salt, the
result will be correct.
But with the wrong Salt size the behavior are different:
On Windows - The output is incorrect, as it shows the whole Salt without
the terminator $...
On Linux - PHP strips one character of Salt into it's correct expected
size, outputing correctly with the terminator $...
Reproduce code:
---
md5crypt(test);
function md5crypt($password)
{
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
.'abcdefghijklmnopqrstuvwxyz0123456789+/';
$salt='$1$';
for($i=0; $i9; $i++)
{
$salt.=$base64_alphabet[rand(0,63)];
}
$salt.='$';
echo pre;
echo Salt: .$salt.br /\r\n;
echo Output: .crypt($password,$salt);
echo /pre;
}
Expected result:
Salt: $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.
//Linux
Actual result:
--
Salt: $1$XcPmtBmRG$
Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0
//Windows
--
Edit bug report at http://bugs.php.net/?id=50052edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=50052r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=50052r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=50052r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=50052r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=50052r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=50052r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=50052r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=50052r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=50052r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=50052r=support
Expected behavior:
http://bugs.php.net/fix.php?id=50052r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=50052r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=50052r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=50052r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50052r=php4
Daylight Savings:http://bugs.php.net/fix.php?id=50052r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=50052r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=50052r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=50052r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=50052r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=50052r=mysqlcfg
