Doc->Bug #64688 [Opn]: crypt doesn't truncate salt correctly for EXT_DES

chaos-master at gmx dot de Sun, 21 Apr 2013 09:52:03 -0700

Edit report at https://bugs.php.net/bug.php?id=64688&edit=1


 ID:                 64688
 User updated by:    chaos-master at gmx dot de
 Reported by:        chaos-master at gmx dot de
 Summary:            crypt doesn't truncate salt correctly for EXT_DES
 Status:             Open
-Type:               Documentation Problem
+Type:               Bug
 Package:            *Encryption and hash functions
 Operating System:   GNU/Linux
 PHP Version:        5.3.24
 Block user comment: N
 Private report:     N

 New Comment:

changed bug type: doc -> bug


Previous Comments:
------------------------------------------------------------------------
[2013-04-21 16:47:33] chaos-master at gmx dot de

Description:
------------
---
>From manual page: 
>http://www.php.net/function.crypt#refsect1-function.crypt-examples
---

The documentation for the crypt()-function asks to provide the complete hash as 
salt in order to verify a given hash.

However if the given hash is an EXT_DES Hash this doesn't work correctly

Test script:
---------------
<?php
// Correct behavior (here using SHA512)
$hash = crypt('foobar', '$6$Rp.sVGo.zbHnQds.');
echo $hash."\n";                                                // 
$6$Rp.sVGo.zbHnQds.$I/mOIzdGE8g53MGbCe8gPcOdUMX.BiGz8Nx9HMa0UDKacGscGIAu.H75iG5U0d/niZk76y/LLHtHKZL9VdEZY0
echo crypt('foobar', $hash)."\n";                               // 
$6$Rp.sVGo.zbHnQds.$I/mOIzdGE8g53MGbCe8gPcOdUMX.BiGz8Nx9HMa0UDKacGscGIAu.H75iG5U0d/niZk76y/LLHtHKZL9VdEZY0

// Inorrect behavior (EXT_DES)
$hash = crypt('foobar', '_6C/.jjzc');
echo $hash."\n";                                                // 
_6C/.jjzcoAyXu0Z0XlM
echo crypt('foobar', $hash)."\n";                               // _6T7pAW9oacXQ

// Workaround
echo crypt('foobar', substr($hash,0,9))."\n";                   // 
_6C/.jjzcoAyXu0Z0XlM
?>


Expected result:
----------------
$6$Rp.sVGo.zbHnQds.$I/mOIzdGE8g53MGbCe8gPcOdUMX.BiGz8Nx9HMa0UDKacGscGIAu.H75iG5U0d/niZk76y/LLHtHKZL9VdEZY0
$6$Rp.sVGo.zbHnQds.$I/mOIzdGE8g53MGbCe8gPcOdUMX.BiGz8Nx9HMa0UDKacGscGIAu.H75iG5U0d/niZk76y/LLHtHKZL9VdEZY0
_6C/.jjzcoAyXu0Z0XlM
_6C/.jjzcoAyXu0Z0XlM
_6C/.jjzcoAyXu0Z0XlM


Actual result:
--------------
$6$Rp.sVGo.zbHnQds.$I/mOIzdGE8g53MGbCe8gPcOdUMX.BiGz8Nx9HMa0UDKacGscGIAu.H75iG5U0d/niZk76y/LLHtHKZL9VdEZY0
$6$Rp.sVGo.zbHnQds.$I/mOIzdGE8g53MGbCe8gPcOdUMX.BiGz8Nx9HMa0UDKacGscGIAu.H75iG5U0d/niZk76y/LLHtHKZL9VdEZY0
_6C/.jjzcoAyXu0Z0XlM
_6T7pAW9oacXQ
_6C/.jjzcoAyXu0Z0XlM



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=64688&edit=1

Doc->Bug #64688 [Opn]: crypt doesn't truncate salt correctly for EXT_DES

Reply via email to