Edit report at http://bugs.php.net/bug.php?id=53743&edit=1
ID: 53743
Comment by: os at irj dot ru
Reported by: daniel dot macdonald at designory dot com
Summary: Crypt() returns inconsistant results on numeric
strings
Status: Open
Type: Bug
Package: *Encryption and hash functions
PHP Version: 5.3.5
Block user comment: N
Private report: N
New Comment:
Win 7 x64
PHP 5.3.6 x86 MSVC9 (Visual C++ 2008) Thread Safety AS Apache 2.2
Module
Apache/2.2.17 x86 NO SSL
Sctipt:
<?php
echo crypt("dev", '$1$dW0.is5.$10CH101gGOr1677ZYd517.');
?>
Expected Result
---------------
$1$dW0.is5.$10CH101gGOr1677ZYd517.
Actual result
-------------
FireFox 4:
$1$dW0.is5.$fELOCg/o4M4JSqjT0FAaZ1
IE 9 with meny F5 refresh actual result is
Result 1: $1$dW0.is5.$PAX1vDQNMC0Ag2U3joEb71
Result 2: $1$dW0.is5.$fELOCg/o4M4JSqjT0FAaZ1
in cycle
If I reload apache 2 service hash result are changing to some other
FF: $1$dW0.is5.$j9t0S3va.9brcE2kIILGx1
IE: $1$dW0.is5.$d2QAXWA.uqHWaY1KopvYr.,
$1$dW0.is5.$j9t0S3va.9brcE2kIILGx1
etc
Previous Comments:
------------------------------------------------------------------------
[2011-02-22 15:59:07] tomas dot brastavicius at quantum dot lt
Could not reproduce this bug on Ubuntu 10.10, PHP 5.3.6RC1, configured
with
./configure
--with-mhash \
--with-mcrypt
Actual result:
$1$abcdefgh$lYixNHkMJRqYy77zCKbOj/
$1$abcdefgh$lYixNHkMJRqYy77zCKbOj/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
------------------------------------------------------------------------
[2011-01-14 18:48:36] daniel dot macdonald at designory dot com
Another test case producing weird results?:
code:
$salt = '$1$abcdefgh$';
$pass = '123';
for ($i=0; $i<3; $i++) {
echo crypt($pass, $salt)."<br />\n";
}
echo crypt($pass, $salt)."<br />\n";
outputs:
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$ohde1Lc7jN2GJjhi5UKGV0
------------------------------------------------------------------------
[2011-01-14 02:59:02] daniel dot macdonald at designory dot com
Description:
------------
---
>From manual page: http://www.php.net/function.crypt#Return Values
---
The crypt() function, when using MD5, returns different results if the
input string is all numeric.
Test script:
---------------
<?php
$salt = '$1$abcdefgh$';
$pass = '123';
$pass2 = '123a';
echo crypt($pass, $salt)."<br />\n";
echo crypt($pass, $salt)."<br /><br />\n";
echo crypt($pass2, $salt)."<br />\n";
echo crypt($pass2, $salt)."<br />\n";
?>
Expected result:
----------------
$1$abcdefgh$OTo2MhKVLtpE9bkEycLQf0
$1$abcdefgh$OTo2MhKVLtpE9bkEycLQf0
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
Actual result:
--------------
$1$abcdefgh$OTo2MhKVLtpE9bkEycLQf0
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=53743&edit=1
