Edit report at https://bugs.php.net/bug.php?id=55717&edit=1
ID: 55717
User updated by: gelliott000 at yahoo dot ca
Reported by: gelliott000 at yahoo dot ca
Summary: Crypt returns "*0" instead of hashed string.
Status: Bogus
Type: Bug
Package: *Encryption and hash functions
Operating System: FreeBSD 7.2
PHP Version: 5.3.8
Block user comment: N
Private report: N
New Comment:
I'm sorry to be persistent, but I don't think that this is a problem with the
salt length.
To demonstrate, I have run crypt on several platforms with several versions of
PHP. I ran crypt with the same string, but a different salt that varied by
just one character:
1st case: crypt("veronica", "aQ");
2nd case: crypt("veronica", "_Q");
The first case produces the same hashed string in all versions and platforms.
The second cases produces a proper hashed string with the 5.1 and 5.2 variants,
but not so with most of the 5.3 variants.
Results for 1st case [crypt("veronica", "aQ")]:
PHP 5.1.6 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk.
PHP 5.2.17 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk.
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli) / Linux : aQW/7xmAl9Wk.
PHP 5.3.0 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk.
PHP 5.3.4 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk.
PHP 5.3.6 (cli) / RHEL Linux 2.6.18: aQW/7xmAl9Wk.
PHP 5.3.8 (cli) / Ubuntu Linux (2.6.32): aQW/7xmAl9Wk.
PHP 5.3.8 with Suhosin-Patch (cli) / FreeBSD 7.2 : aQW/7xmAl9Wk.
Results for the 2nd case [crypt("veronica", "_Q")]:
PHP 5.1.6 (cli) / RHEL Linux 2.6.18: _Q9SLgD4qEEgM
PHP 5.2.17 (cli) / RHEL Linux 2.6.18: _Q9SLgD4qEEgM
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch (cli) / Linux : _Q9SLgD4qEEgM
PHP 5.3.0 (cli) / RHEL Linux 2.6.18: _Q$$$$$$$qK1ZM2vrJkU
PHP 5.3.4 (cli) / RHEL Linux 2.6.18: *0
PHP 5.3.6 (cli) / RHEL Linux 2.6.18: *0
PHP 5.3.7 with Suhosin-Patch (cli) / FreeBSD 7.2 : *0
PHP 5.3.8 (cli) / Ubuntu Linux (2.6.32): *0
PHP 5.3.8 with Suhosin-Patch (cli) / FreeBSD 7.2 : *0
Previous Comments:
------------------------------------------------------------------------
[2011-09-17 19:46:27] [email protected]
ah, sorry, I misread the *0 part. Please see the documentation (salt length,
return value on failure).
------------------------------------------------------------------------
[2011-09-17 19:34:11] gelliott000 at yahoo dot ca
I have been able to reproduce the bug under Ubuntu Linux (2.6.32) and a clean
5.3.8 release download: PHP 5.3.8 (cli) (built: Sep 17 2011 14:59:12)
------------------------------------------------------------------------
[2011-09-17 18:30:25] [email protected]
Please try using a plain PHP fetched either from our svn or from a release
download.
------------------------------------------------------------------------
[2011-09-17 18:15:37] gelliott000 at yahoo dot ca
Description:
------------
PHP 5.3.8 with Suhosin-Patch (cli) (built: Sep 12 2011 10:57:59)
Using the crypt() function with string "veronica" and salt "_Q" returns an
unexpected string: "*0".
Was expecting a proper hashed string beginning with the salt string to be
returned.
Test script:
---------------
<?php
echo crypt("veronica","_Q");
?>
Expected result:
----------------
A hashed string beginning with the salt string to be returned.
Actual result:
--------------
The string "*0" is returned.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=55717&edit=1
