Edit report at http://bugs.php.net/bug.php?id=51282&edit=1
 ID:               51282
 Comment by:       paul dot fernandez at gmail dot com
 Reported by:      jerome dot auge at anakeen dot com
 Summary:          crypt() result different between PHP 5.3.1 and PHP 5.3.2
 Status:           Assigned
 Type:             Documentation Problem
 Package:          *Encryption and hash functions
 Operating System: Mac, Linux
 PHP Version:      5.3.2
 Assigned To:      joey

 New Comment:

I have a similar problem going from PHP 5.2.8 to 5.3.0.

<?php
if(CRYPT_STD_DES == 1)
{
    echo "Standard DES is available.\n\n";
}

$username = 'aardvark';
$password = 'password';
$salt = substr($username, 0, 1);
echo "\$salt = $salt\n";

$pass = crypt($password, $salt);
echo "Standard crypt encryption (1 char salt) = '$pass'\n";

$des_pass = crypt($password, 'a$');
echo "DES encryption (2 char salt) = '$des_pass'\n";
?>

Output from PHP 5.3.0:

$ php test24.php
Standard DES is available.

$salt = a
Standard crypt encryption (1 char salt) = 'a$Av8awQ0AsR6'
DES encryption (2 char salt) = 'a$Av8awQ0AsR6'

Output of the same code on PHP 5.2.8:

$ php test24.php
Standard DES is available.

$salt = a
Standard crypt encryption (1 char salt) = 'a$LHSkrbhfU1.'
DES encryption (2 char salt) = 'a$LHSkrbhfU1.'


Previous Comments:
------------------------------------------------------------------------
[2010-03-12 10:54:22] jerome dot auge at anakeen dot com

Description:
------------
I use crypt() to store and validate passwords using the « Standard DES »
hash, and after upgrading to 5.3.2, the hashed password of an account is
not the same as the one generated with PHP 5.3.1 :

With PHP 5.3.1 :

$ php -r 'print crypt("anakeen", "A^")."\n";'
A^1ul2Jf7VS2M

After upgrading to PHP 5.3.2 :

$ php -r 'print crypt("anakeen", "A^")."\n";'
A^/ImZ5hqd2VU

I tested both on Mac (macports) and on Linux (rawhide), and the hash
result was different on both platforms.

On Mac OS X (10.5), the Perl (or C) crypt gives me the same results as
PHP 5.3.1 :

$ perl -e 'print crypt("anakeen", "A^")."\n";'
A^1ul2Jf7VS2M

While on Linux, the Perl script gives me the same result as PHP 5.3.2.
It appears that there is a difference in the crypt() function, between
these platforms, regarding the presence of non alpha-num chars in the
salt :

Mac OS X with "A-" salt = different hashes :

$ php -r 'print crypt("anakeen", "A-")."\n";'
A-75An91LCLEM
$ perl -e 'print crypt("anakeen", "A-")."\n"';
A-1ul2Jf7VS2M

Mac OS X with "A9" salt = same hashes :

$ perl -e 'print crypt("anakeen", "A9")."\n"';
A9Pf3.gAayQMM
$ php -r 'print crypt("anakeen", "A9")."\n";'
A9Pf3.gAayQMM

Maybe I should not have used non alpha-num chars for my salt in the
first place ?

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/bug.php?id=51282&edit=1
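
Added example, not part of the bug report or of PHP itself: a small audit that finds stored Standard DES hashes whose two-character salt falls outside the alphabet "./0-9A-Za-z" that the PHP manual documents for CRYPT_STD_DES, which are the accounts that can stop validating across the versions and platforms compared above. The function names and the account table are hypothetical; the hash strings are the ones quoted in this report, and the code assumes PHP 7 or later.

```php
<?php
// Added example: flag stored Standard DES crypt() hashes with out-of-alphabet salts.
// classify_crypt_hash() and audit_hashes() are hypothetical helper names.

/**
 * Returns 'std-des', 'std-des-bad-salt' or 'not-std-des'.
 */
function classify_crypt_hash(string $stored): string
{
    // Standard DES output is 13 characters: 2 salt characters, then 11 hash
    // characters that are always drawn from ./0-9A-Za-z.
    if (strlen($stored) !== 13
        || !preg_match('#^[./0-9A-Za-z]{11}\z#', substr($stored, 2))) {
        return 'not-std-des';
    }
    $salt = substr($stored, 0, 2);
    return preg_match('#^[./0-9A-Za-z]{2}\z#', $salt)
        ? 'std-des'
        : 'std-des-bad-salt';
}

/**
 * Returns [user => salt] for every account whose salt is outside the alphabet.
 */
function audit_hashes(array $accounts): array
{
    $flagged = [];
    foreach ($accounts as $user => $stored) {
        if (classify_crypt_hash($stored) === 'std-des-bad-salt') {
            $flagged[$user] = substr($stored, 0, 2);
        }
    }
    return $flagged;
}

// Constructed account table; user names are made up, hashes are from the report.
$accounts = [
    'user_a' => 'A^1ul2Jf7VS2M',   // salt "A^"
    'user_b' => 'A-1ul2Jf7VS2M',   // salt "A-"
    'user_c' => 'A9Pf3.gAayQMM',   // salt "A9", inside the alphabet
    'user_d' => 'a$Av8awQ0AsR6',   // salt "a$"
];

foreach (audit_hashes($accounts) as $user => $salt) {
    printf("%s: salt '%s' is outside ./0-9A-Za-z\n", $user, $salt);
}
```

Run against a real credential table before an upgrade, the flagged accounts are the ones to re-verify on the new version.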