[PHP-DEV] Re: Bug #12745: problem with the randomic generation of salt when a use crypt("pass")

2001-08-15 Thread Marcus Vinicius 

der

I supose that is must not work but works, did you tested ?

- Original Message -
From: "PHP Bug Database" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 14, 2001 8:40 PM
Subject: Bug #12745: problem with the randomic generation of salt when a use
crypt("pass")


> From: [EMAIL PROTECTED]
> Operating system: Linux Slackware 7.1
> PHP version:  4.0.6
> PHP Bug Type: *Encryption and hash functions
> Bug description:  problem with the randomic generation of salt when a use
crypt("pass")
>
> problem with the randomic generation of salt when a use $string =
> crypt("11lei11lao11") it allways generates a salt ( the first 2 chars from
> encrypted string ) that if use crypt("11lei11lao11blablabla") would work,
> and also crypt("11lei11lao11anythingwouldworkhere").
>
> the code is
>
> $cryptedpass = crypt("11lei11lao11");
> if (crypt ( "11lei11lao11anythingwouldworkhere", substr ( $cryptedpass, 0,
> 2)) == $cryptedpass) {
>   echo "this is extremely strange for me";
> }
>
> and this works with this pass but not whit others!
> --
> Edit bug report at: http://bugs.php.net/?id=12745&edit=1
>


-- 
PHP Development Mailing List 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DEV] Re: Bug #12745: problem with the randomic generation of salt when a use crypt("pass")

2001-08-15 Thread Sander Roobol 

Not a bug in PHP. Verified with htpasswd (couldn't get a simple
crypt-demonstration-script working :-)
$ ./htpasswd -d -nb test 11lei11lao11
returned test:Au7LW/UPElj0c
$ ./htpasswd -d -nb test 11lei11lao11whatever
returned test:Au7LW/UPElj0c

I guess it's a bug (or an undocumented behaviour) of the crypt()-algoritm.
The problem is not the random salt. The problem seems to be that crypt (at
least, in this case) only uses the first 12 characters (or less).

Sander

- Original Message -
From: "Marcus Vinicius" <[EMAIL PROTECTED]>
To: "PHP Bug Database" <[EMAIL PROTECTED]>
Sent: Wednesday, August 15, 2001 2:31 PM
Subject: [PHP-DEV] Re: Bug #12745: problem with the randomic generation of
salt when a use crypt("pass")


> der
>
> I supose that is must not work but works, did you tested ?
>
> - Original Message -
> From: "PHP Bug Database" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 14, 2001 8:40 PM
> Subject: Bug #12745: problem with the randomic generation of salt when a
use
> crypt("pass")
>
>
> > From: [EMAIL PROTECTED]
> > Operating system: Linux Slackware 7.1
> > PHP version:  4.0.6
> > PHP Bug Type: *Encryption and hash functions
> > Bug description:  problem with the randomic generation of salt when a
use
> crypt("pass")
> >
> > problem with the randomic generation of salt when a use $string =
> > crypt("11lei11lao11") it allways generates a salt ( the first 2 chars
from
> > encrypted string ) that if use crypt("11lei11lao11blablabla") would
work,
> > and also crypt("11lei11lao11anythingwouldworkhere").
> >
> > the code is
> >
> > $cryptedpass = crypt("11lei11lao11");
> > if (crypt ( "11lei11lao11anythingwouldworkhere", substr ( $cryptedpass,
0,
> > 2)) == $cryptedpass) {
> >   echo "this is extremely strange for me";
> > }
> >
> > and this works with this pass but not whit others!
> > --
> > Edit bug report at: http://bugs.php.net/?id=12745&edit=1
> >
>
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]