#50052 [Fbk]: Crypt - Different Hashes on Windows and Linux on wrong Salt size

Mon, 02 Nov 2009 02:00:16 -0800 

 ID:               50052
 Updated by:       paj...@php.net
 Reported By:      otaviodiniz at gmail dot com
 Status:           Feedback
 Bug Type:         Scripting Engine problem
 Operating System: Windows 7
 PHP Version:      5.3.0
 New Comment:

Forgot to copy 5.3 output as well:

g:\php-sdk\php53\vc9\x86\php53>..\obj\Debug\php.exe ..\50052.php
Salt:   $1$f+uslYF01$
Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY.



Previous Comments:
------------------------------------------------------------------------

[2009-11-02 09:46:31] paj...@php.net

Cannot reproduce:

g:\php-sdk\php53\vc9\x8\php53>\test\php52ntssnap\php.exe ..\50052.php

Salt:   $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.

Please try using VC9-x86 binaries, http://windows.php.net/snapshots/

------------------------------------------------------------------------

[2009-11-02 02:39:32] otaviodiniz at gmail dot com

Description:
------------
The behave of Crypt function on Windows and Linux boxes are different.
In the sample function we create a Salt with length of 12 characters.

First, the Salt size is incorrect, if i remove one character the Salt,
the result will be correct.

But with the wrong Salt size the behavior are different:

On Windows - The output is incorrect, as it shows the whole Salt
without the terminator $...

On Linux - PHP strips one character of Salt into it's correct expected
size, outputing correctly with the terminator $...

Reproduce code:
---------------
md5crypt("test");

function md5crypt($password)
{
  $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
  .'abcdefghijklmnopqrstuvwxyz0123456789+/';
  $salt='$1$';
  for($i=0; $i<9; $i++)
  {
    $salt.=$base64_alphabet[rand(0,63)];
  }
  $salt.='$';
  echo "<pre>";
  echo "Salt:   ".$salt."<br />\r\n";
  echo "Output: ".crypt($password,$salt);
  echo "</pre>";
}

Expected result:
----------------
Salt:   $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.
//Linux




Actual result:
--------------
Salt:   $1$XcPmtBmRG$
Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0
//Windows


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=50052&edit=1

Reply via email to