php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #41202 crypt function returns different hashes in PHP4/PHP5
Submitted: 2007-04-26 13:46 UTC Modified: 2007-04-26 15:04 UTC
From: nickmc33 at hotmail dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 5.2.1 OS: Windows Server 2003 x64 Edition
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: nickmc33 at hotmail dot com
New email:
PHP Version: OS:

 

 [2007-04-26 13:46 UTC] nickmc33 at hotmail dot com 
Description:
------------
I'm finding that the crypt function produces different hashes on PHP4 and PHP5 systems when the second character of the salt is an underscore.







Reproduce code:
---------------
<?php
print crypt("password","x_")."<br />";
print crypt("password","xx");
?>

Expected result:
----------------
The hashes generated should always be the same.

Actual result:
--------------
Using the test code above the first hash will be different when ran using PHP 5.2.1 and PHP 4.4.4, but the second hash will always be the same.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-04-26 13:53 UTC] nickmc33 at hotmail dot com 
Test results:

PHP4:

x_JPQON7N9.Ls
xxj31ZMTZzkVA

PHP5:

x_961N.JoN.jw
xxj31ZMTZzkVA
 [2007-04-26 14:38 UTC] tony2001@php.net 
PHP5.2 on windows returns the same result as on PHP5 & PHP4 on Linux.
So there was a problem in PHP4 on windows which eventually got fixed.
 [2007-04-26 14:55 UTC] nickmc33 at hotmail dot com 
Bogus? I'd imagine that this bug still exists in the latest version of PHP4 as there's no mention of a fix in subsequent updates. The bugged version of PHP that we're runnign isn't really that old (4.4.4). We're going to have to be careful when upgrading now.
 [2007-04-26 14:56 UTC] nickmc33 at hotmail dot com 
Reopened for comment.
 [2007-04-26 14:57 UTC] daveyfelton at hotmail dot com 
Why on earth has this bug been marked as bogus!? Of course it's a bug! This is going to cause us so many problems when we upgrade from PHP 4 to 5, becuase all the user passwords we have stored with one way encryption based on crypt won't work anymore!
 [2007-04-26 15:04 UTC] tony2001@php.net 
>This is going to cause us so many problems when we upgrade from 
>PHP 4 to 5

I said the crypt function has been FIXED.
Now it returns the same result as on Linux.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Feb 05 14:01:32 2025 UTC