Edit report at https://bugs.php.net/bug.php?id=65093&edit=1
ID: 65093
Comment by: r...@php.net
Reported by: michael at squiloople dot com
Summary: password_hash ignores salts with spaces
Status: Open
Type: Bug
Package: hash related
Operating System: Windows Vista SP2
PHP Version: 5.5.0
Block user comment: N
Private report: N
New Comment:
I think it's only a documentation problem which should explains which are the
allowed characters in the salt (from code: a-z A-Z 0-9 . /)
(notice: It is strongly recommended that you do not generate your own salt for
this function)
Previous Comments:
------------------------------------------------------------------------
[2013-06-21 22:37:03] michael at squiloople dot com
Description:
------------
When manually setting a salt which contains spaces the function ignores it and
automatically generates its own.
Test script:
---------------
echo password_hash('this is a test', PASSWORD_DEFAULT, array('salt' =>
'thisisatestthisisatest'));
echo '<br>';
echo password_hash('this is a test', PASSWORD_DEFAULT, array('salt' =>
'thisisatestthisis test'));
Expected result:
----------------
$2y$10$thisisatestthisisateseLNFJ7M2ONUSijVBKli7sVFN6rQm7o36
$2y$10$thisisatestthisis tesOZPioeRNSLNeG3cuJW56OSusfQ5SjKdO
(with the part after the salt being whatever it would be)
Actual result:
--------------
$2y$10$thisisatestthisisateseLNFJ7M2ONUSijVBKli7sVFN6rQm7o36
$2y$10$dGhpc2lzYXRlc3R0aGlzaOZPioeRNSLNeG3cuJW56OSusfQ5SjKdO
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=65093&edit=1
