Hi all,
I've been doing some work with a framework and have found a problem with
base_convert. For the following example code:
$algorithm = 'sha1';
$password = 'password';
$salt = '4qt6qjymiw4kks0gso80ks408k08c4gss80000s';
// Encrypt the password
if(function_exists('hash')) {
$password = hash($algorithm, $password . $salt);
} else {
$password = call_user_func($algorithm, $password . $salt);
}
echo $password . '<br />';
$password = base_convert($password, 16, 36);
echo $password . '<br />';
$password = substr($password, 0, 64);
echo $password;
I get the same result, except on a Debian Lenny system I'm currently setting
up. The code is login code, and as it is, none of the hashed passwords will
work for a few 1000 users if it's moved.
The systems I have tested it on are:
Windows 2003 32bit (php 5.2.10)
Debian Etch 32bit x 2 (php 5.2.9 & 5.2.10)
Debian Etch 64 bit (php 5.2.9)
Debian Lenny 64bit (php 5.2.9 and 5.2.6)
All but the Lenny system gives me:
d349750fa0fa607a9def5aee3a999dea7d3714ef
ooi5f74fw004k88s8kkkggccsww4wc4
ooi5f74fw004k88s8kkkggccsww4wc4
the lenny system:
d349750fa0fa607a9def5aee3a999dea7d3714ef
ooi5f74fw0bncwokk4occwoo0sock04
ooi5f74fw0bncwokk4occwoo0sock04
Has anybody come across anything like this before, or have any ideas? Is it
a number overflow? Anybody have any solutions? Rewriting the login code is
not an option,
Stu
--~--~---------~--~----~------------~-------~--~----~
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to [email protected]
To unsubscribe, send email to
[email protected]
-~----------~----~----~----~------~----~------~--~---
