Not a bug in PHP. Verified with htpasswd (couldn't get a simple
crypt-demonstration-script working :-)
$ ./htpasswd -d -nb test 11lei11lao11
returned test:Au7LW/UPElj0c
$ ./htpasswd -d -nb test 11lei11lao11whatever
returned test:Au7LW/UPElj0c
I guess it's a bug (or an undocumented behaviour) of the crypt()-algoritm.
The problem is not the random salt. The problem seems to be that crypt (at
least, in this case) only uses the first 12 characters (or less).
Sander
- Original Message -
From: Marcus Vinicius [EMAIL PROTECTED]
To: PHP Bug Database [EMAIL PROTECTED]
Sent: Wednesday, August 15, 2001 2:31 PM
Subject: [PHP-DEV] Re: Bug #12745: problem with the randomic generation of
salt when a use crypt(pass)
der
I supose that is must not work but works, did you tested ?
- Original Message -
From: PHP Bug Database [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 14, 2001 8:40 PM
Subject: Bug #12745: problem with the randomic generation of salt when a
use
crypt(pass)
From: [EMAIL PROTECTED]
Operating system: Linux Slackware 7.1
PHP version: 4.0.6
PHP Bug Type: *Encryption and hash functions
Bug description: problem with the randomic generation of salt when a
use
crypt(pass)
problem with the randomic generation of salt when a use $string =
crypt(11lei11lao11) it allways generates a salt ( the first 2 chars
from
encrypted string ) that if use crypt(11lei11lao11blablabla) would
work,
and also crypt(11lei11lao11anythingwouldworkhere).
the code is
$cryptedpass = crypt(11lei11lao11);
if (crypt ( 11lei11lao11anythingwouldworkhere, substr ( $cryptedpass,
0,
2)) == $cryptedpass) {
echo this is extremely strange for me;
}
and this works with this pass but not whit others!
--
Edit bug report at: http://bugs.php.net/?id=12745edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]