Bug #50052 [Com]: Crypt - Different Hashes on Windows and Linux on wrong Salt size
Edit report at http://bugs.php.net/bug.php?id=50052&edit=1 ID: 50052 Comment by: catalin at aceora dot com Reported by:otaviodiniz at gmail dot com Summary:Crypt - Different Hashes on Windows and Linux on wrong Salt size Status: Closed Type: Bug Package:Scripting Engine problem Operating System: Windows 7 PHP Version:5.3.0 Assigned To:pajoye Block user comment: N Private report: N New Comment: I what version of PHP was this implemented ? I call the crypt function from two pc, with two different PHP versions, and i get two separate results. Catalin Previous Comments: [2009-11-02 20:47:01] paj...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. [2009-11-02 20:46:53] s...@php.net Automatic comment from SVN on behalf of pajoye Revision: http://svn.php.net/viewvc/?view=revision&revision=290154 Log: - Fixed #50052, Different Hashes on Windows and Linux on wrong Salt size [2009-11-02 13:57:13] otaviodiniz at gmail dot com As you can see the output are different in 5.2 and 5.3 near 0$or 01or. [2009-11-02 09:59:54] paj...@php.net Forgot to copy 5.3 output as well: g:\php-sdk\php53\vc9\x86\php53>..\obj\Debug\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY. [2009-11-02 09:46:31] paj...@php.net Cannot reproduce: g:\php-sdk\php53\vc9\x8\php53>\test\php52ntssnap\php.exe ..\50052.php Salt: $1$f+uslYF01$ Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY. Please try using VC9-x86 binaries, http://windows.php.net/snapshots/ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=50052 -- Edit this bug report at http://bugs.php.net/bug.php?id=50052&edit=1
#50052 [Com]: Crypt - Different Hashes on Windows and Linux on wrong Salt size
ID: 50052
Comment by: otaviodiniz at gmail dot com
Reported By: otaviodiniz at gmail dot com
Status: Feedback
Bug Type: Scripting Engine problem
Operating System: Windows 7
PHP Version: 5.3.0
New Comment:
As you can see the output are different in 5.2 and 5.3 near 0$or 01or.
Previous Comments:
[2009-11-02 09:59:54] paj...@php.net
Forgot to copy 5.3 output as well:
g:\php-sdk\php53\vc9\x86\php53>..\obj\Debug\php.exe ..\50052.php
Salt: $1$f+uslYF01$
Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY.
[2009-11-02 09:46:31] paj...@php.net
Cannot reproduce:
g:\php-sdk\php53\vc9\x8\php53>\test\php52ntssnap\php.exe ..\50052.php
Salt: $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.
Please try using VC9-x86 binaries, http://windows.php.net/snapshots/
[2009-11-02 02:39:32] otaviodiniz at gmail dot com
Description:
The behave of Crypt function on Windows and Linux boxes are different.
In the sample function we create a Salt with length of 12 characters.
First, the Salt size is incorrect, if i remove one character the Salt,
the result will be correct.
But with the wrong Salt size the behavior are different:
On Windows - The output is incorrect, as it shows the whole Salt
without the terminator $...
On Linux - PHP strips one character of Salt into it's correct expected
size, outputing correctly with the terminator $...
Reproduce code:
---
md5crypt("test");
function md5crypt($password)
{
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
.'abcdefghijklmnopqrstuvwxyz0123456789+/';
$salt='$1$';
for($i=0; $i<9; $i++)
{
$salt.=$base64_alphabet[rand(0,63)];
}
$salt.='$';
echo "";
echo "Salt: ".$salt."\r\n";
echo "Output: ".crypt($password,$salt);
echo "";
}
Expected result:
Salt: $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.
//Linux
Actual result:
--
Salt: $1$XcPmtBmRG$
Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0
//Windows
--
Edit this bug report at http://bugs.php.net/?id=50052&edit=1
