ID: 50334 Updated by: [email protected] Reported By: hanno at hboeck dot de -Status: Assigned +Status: Feedback Bug Type: *Encryption and hash functions Operating System: Linux PHP Version: 5.3.1 Assigned To: pajoye New Comment:
Still need the answer to my question. Previous Comments: ------------------------------------------------------------------------ [2009-11-30 14:31:46] [email protected] Pierre, this is caused by bad idea of requiring ALL of blowfish, des, ext des and md5. You should provide the fallback only for those that aren't found. ------------------------------------------------------------------------ [2009-11-30 14:29:38] [email protected] Assigned to Pierre who broke this. ------------------------------------------------------------------------ [2009-11-30 14:18:10] [email protected] Which linux distribution do you use exactly (name, version)? ------------------------------------------------------------------------ [2009-11-30 12:48:33] hanno at hboeck dot de Description: ------------ PHP has the crypt()-function which can create salted-hashes (e.g. usable for shadow-passwords). Although it's not documented, in PHP 5.2 it was possible to pass the prefix for sha512 like in the corresponding glibc-function. Example: echo crypt('foo','$6$$bar$'); gives $6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu. Now the same code in PHP 5.3.1 gives $6A86JNndVTdM (which is basically just crypt ignoring the $6-prefix for the salt) I assume may have something to do with (cited from crypt-documentation): "Note: As of PHP 5.3.0, PHP contains its own implementation and will use that if the system lacks of support for one or more of the algorithms. " Reproduce code: --------------- echo crypt('foo','$6$$bar$'); Expected result: ---------------- $6$$QMXjqd7rHQZPQ1yHsXkQqC1FBzDiVfTHXL.LaeDAeVV.IzMaV9VU4MQ8kPuZa2SOP1A0RPm772EaFYjpEJtdu. Actual result: -------------- $6A86JNndVTdM ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=50334&edit=1
