Bug #50052 [Com]: Crypt - Different Hashes on Windows and Linux on wrong Salt size
Edit report at http://bugs.php.net/bug.php?id=50052&edit=1 ID: 50052 Comment by: catalin at aceora dot com Reported by:otaviodiniz at gmail dot com Summary:Crypt - Different Hashes on Windows and Linux on wrong Salt size Status: Closed Type: Bug Package:Scripting Engine problem Operating System: Windows 7 PHP Version:5.3.0 Assigned To:pajoye Block user comment: N Private report: N New Comment: I what version of PHP was this implemented ? I call the crypt function from two pc, with two different PHP versions, and i get two separate results. Catalin Previous Comments: [2009-11-02 20:47:01] paj...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. [2009-11-02 20:46:53] s...@php.net Automatic comment from SVN on behalf of pajoye Revision: http://svn.php.net/viewvc/?view=revision&revision=290154 Log: - Fixed #50052, Different Hashes on Windows and Linux on wrong Salt size [2009-11-02 13:57:13] otaviodiniz at gmail dot com As you can see the output are different in 5.2 and 5.3 near 0$or 01or. [2009-11-02 09:59:54] paj...@php.net Forgot to copy 5.3 output as well: g:\php-sdk\php53\vc9\x86\php53>..\obj\Debug\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY. [2009-11-02 09:46:31] paj...@php.net Cannot reproduce: g:\php-sdk\php53\vc9\x8\php53>\test\php52ntssnap\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY. Please try using VC9-x86 binaries, http://windows.php.net/snapshots/ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=50052 -- Edit this bug report at http://bugs.php.net/bug.php?id=50052&edit=1
#50052 [Com]: Crypt - Different Hashes on Windows and Linux on wrong Salt size
ID: 50052 Comment by: otaviodiniz at gmail dot com Reported By: otaviodiniz at gmail dot com Status: Feedback Bug Type: Scripting Engine problem Operating System: Windows 7 PHP Version: 5.3.0 New Comment: As you can see the output are different in 5.2 and 5.3 near 0$or 01or. Previous Comments: [2009-11-02 09:59:54] paj...@php.net Forgot to copy 5.3 output as well: g:\php-sdk\php53\vc9\x86\php53>..\obj\Debug\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY. [2009-11-02 09:46:31] paj...@php.net Cannot reproduce: g:\php-sdk\php53\vc9\x8\php53>\test\php52ntssnap\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY. Please try using VC9-x86 binaries, http://windows.php.net/snapshots/ [2009-11-02 02:39:32] otaviodiniz at gmail dot com Description: The behave of Crypt function on Windows and Linux boxes are different. In the sample function we create a Salt with length of 12 characters. First, the Salt size is incorrect, if i remove one character the Salt, the result will be correct. But with the wrong Salt size the behavior are different: On Windows - The output is incorrect, as it shows the whole Salt without the terminator $... On Linux - PHP strips one character of Salt into it's correct expected size, outputing correctly with the terminator $... Reproduce code: --- md5crypt("test"); function md5crypt($password) { $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ' .'abcdefghijklmnopqrstuvwxyz0123456789+/'; $salt='$1$'; for($i=0; $i<9; $i++) { $salt.=$base64_alphabet[rand(0,63)]; } $salt.='$'; echo ""; echo "Salt: ".$salt."\r\n"; echo "Output: ".crypt($password,$salt); echo ""; } Expected result: Salt: $1$f+uslYF01$ Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY. //Linux Actual result: -- Salt: $1$XcPmtBmRG$ Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0 //Windows -- Edit this bug report at http://bugs.php.net/?id=50052&edit=1