|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2010-06-05 08:08 UTC] phpbug dot z dot pbowers at spamgourmet dot com
[2010-06-05 15:49 UTC] felipe@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: pajoye
[2010-06-05 15:55 UTC] phpbug dot z dot pbowers at spamgourmet dot com
[2010-06-05 16:08 UTC] pajoye@php.net
-Status: Assigned
+Status: Bogus
[2010-06-05 16:08 UTC] pajoye@php.net
[2010-07-02 09:02 UTC] ashish3253 at yahoo dot com
[2011-09-10 21:34 UTC] c dot clix at tiscali dot it
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Dec 12 18:01:26 2024 UTC |
Description: ------------ My understanding of the crypt() function is that it prepends the salt onto the resulting hash. Thereafter feeding the resulting hash as the salt argument to the crypt() function with the same original key should result in the same hash. We have used this extensively to encrypt/store and compare passwords for authentication purposes. Thus the following code should result in "MATCH": (see example A below) In any version I've tested of PHP on a linux platform as well as 5.2.11 on a windows platform I get "MATCH" -- this is correct. But on 5.3.0 or 5.3.1 or 5.3.2 on windows I get "NO MATCH". (see Example B below) On any PHP version on a linux platform or on any pre-PHP 5.3.0 version on windows I get all identical hashes - this is good (same key, same salt, should result in the same hash). But on any PHP 5.3.0 or later on windows I get all 4 being different (same first 12 characters). I have verified that this bug occurs ON A WINDOWS PLATFORM (WAMPSERVER) in 5.3.0 and 5.3.1 and 5.3.2 but does not happen on 5.2.11. I have verified that this bug does not occur on a linux platform running sample versions of 5.3.x. I have verified that if I use a key of 4 or more characters the bug disappears. Thus if you replace "abc" with "abcd" in the above code everything works fine across the board. This bug only occurs with a key of 3 or fewer characters. Why is this important? I'm using code similar to this to determine whether passwords stored as encrypted hash match the password users just entered -- if they use a short password (3 or less characters -- not wise, but in a low-security environment there's been no need to limit that) then moving to 5.3.x means they can no longer log in. Test script: --------------- Example A: $foo = crypt("abc"); $bar = crypt("abc", $foo); if ($foo == $bar) echo "MATCH"; else echo "NO MATCH"; Example B: $hash0 = crypt('abc'); $hash2 = crypt('abc', $hash0); $hash3 = crypt('abc', $hash2); $hash4 = crypt('abc', $hash3); echo "local config: <br>\nhash0=$hash0, <br>\nhash2=$hash2<br>\nhash3=$hash3<br>\nhash4=$hash4<br>\n"; Expected result: ---------------- Example A: Expect output of "MATCH" Example B: Expect 4 identical hashes to be printed, like this (obtained from 5.2.11): local config: hash0=$1$xH3.mL5.$GVkUEah6QIRaB7lZXfBz7., hash2=$1$xH3.mL5.$GVkUEah6QIRaB7lZXfBz7. hash3=$1$xH3.mL5.$GVkUEah6QIRaB7lZXfBz7. hash4=$1$xH3.mL5.$GVkUEah6QIRaB7lZXfBz7. Actual result: -------------- Example A (on a windows machine running 5.3.x): NO MATCH Example B (on a windows machine running 5.3.x): local config: hash0=$1$ta2.y55.$BYwQQt5ybMoX9I6Yqa5gX1, hash2=$1$ta2.y55.$ngRiBNwmsuMxW.9B7OTB3/ hash3=$1$ta2.y55.$D4w8u73CH0ljNiwgqkX9p0 hash4=$1$ta2.y55.$ytnCYJ3ZKie4Fkei4SBmu.