php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69707 Crypt outputs different hash depending on PHP version
Submitted: 2015-05-25 20:01 UTC Modified: 2015-05-25 21:40 UTC
From: jdavis at outlook dot com Assigned:
Status: Not a bug Package: hash related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jdavis at outlook dot com
New email:
PHP Version: OS:

 

 [2015-05-25 20:01 UTC] jdavis at outlook dot com
Description:
------------
Using the crypt function, identical code will result in an output that will vary depending on the PHP version.

Test script:
---------------
<?php

$salt = "KFtIFW1vulG5nUH3a0Mv";
$password = "testtest";

$key = '$2y$07$';
$key = $key.$salt."$"; 

echo crypt($password, $key);

?>

Expected result:
----------------
I expect the result to be the same for every version, as this function can be used for login/passwords and updating PHP can result in an unusable login.

Actual result:
--------------
An example can be seen here: http://3v4l.org/qqHUe


-Output for 5.3.7 - 5.4.41, 5.5.21 - 5.5.25, 5.6.5 - 5.6.9:
$2y$07$KFtIFW1vulG5nUH3a0Mv$.0imhrNa/laTsN0Ioj5m357/a8AxxF2q

-Output for 5.5.0 - 5.5.20, 5.6.0 - 5.6.4:
$2y$07$KFtIFW1vulG5nUH3a0Mv$e0imhrNa/laTsN0Ioj5m357/a8AxxF2q

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-25 20:12 UTC] jdavis at outlook dot com
-Status: Open +Status: Closed
 [2015-05-25 20:12 UTC] jdavis at outlook dot com
The salt is 2 characters too short, this is causing the unexpected output.
 [2015-05-25 21:40 UTC] rasmus@php.net
-Status: Closed +Status: Not a bug
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 13:01:30 2024 UTC