PHP :: Bug #15769 :: php-4.0 crypt("abc") != php-4.1 crypt("abc")

Bug #15769	php-4.0 crypt("abc") != php-4.1 crypt("abc")
Submitted:	2002-02-27 19:53 UTC	Modified:	2002-02-28 10:00 UTC
From:	php at 8304 dot ch	Assigned:
Status:	Not a bug	Package:	*Encryption and hash functions
PHP Version:	4.1.1	OS:	linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	php at 8304 dot ch
New email:
PHP Version:		OS:

New Comment:

[2002-02-27 19:53 UTC] php at 8304 dot ch

On the same system after upgrade, the result of crypt with only one arguments has another format: before (php 4.0.6) it was the standard 13 chars string, and now this md5-like hash is comming: "$1$ngOfu9A.$AoUUzzXjwxQiqKq7c2wDt1"...

Shouldn't the default behaviour of crypt() stay the same on a specific system ? This way it breaks a lots of customers scripts on the web server on upgrade, and this is *very* annoying. (no, I can't tell all people: rewrite all your scripts and use 2 args with the crypt command).

Isn't there a way to tell at compliation time: crypt() defaults to DES?  

Regards,
Olivier

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-02-28 02:08 UTC] sniper@php.net

This is not a bug. Please double-check the documentation available
at http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

[2002-02-28 02:09 UTC] sniper@php.net

This is not a bug. Please double-check the documentation available
at http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

http://www.php.net/manual/en/function.crypt.php

[2002-02-28 05:44 UTC] php at 8304 dot ch

from the docs:
> If no salt is provided, PHP will auto-generate a standard > 2 character salt by default, unless the default encryption 
> type on the system is MD5, in which case a random
> MD5-compatible salt is generated.

well, the "default encryption type" on the system has not changed between upgrade from 4.0 to 4.1, so why does the crypt behaviour change on the way? I really see that as a bug, or please tell me how to revert to the "normal" crypt (DES). Saw no options in the ./configure as well... :/

[2002-02-28 07:32 UTC] php at 8304 dot ch

ok, found a solution : 
1. ./configure  [options]
2. edit main/php_config.h and set  PHP_MD5_CRYPT = 0
3. compile.

[2002-02-28 09:55 UTC] edink@php.net

The behaviour unfortunatelly did change (and its not documented). You don't have to disable MD5 like that to get regular crypt, but you would need to generate a two character salt, which would then be passed as a second argument to crypt().

[2002-02-28 10:00 UTC] sniper@php.net

The behaviour changed because there was a bug in the 
detection for crypt() capabilities in previous PHP versions.
Now it behaves as documented.

--Jani

[2002-04-21 22:25 UTC] abraxes at gmx dot de

maybe it behaves like documented, but many php scripts onley uses crypt("whatever") to crypt something. if the result is stored in a db, and the db field is limited to 11 chars, then u have fun with this new feature. if u only have your own php code on a machine, then u can change the code, but if u have many php driven sites, this will lead u into trouble, thats why i made our php 4.1.2 work like it worked before.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 24 23:00:01 2025 UTC