php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53743 Crypt() returns inconsistant results on numeric strings
Submitted: 2011-01-14 02:59 UTC Modified: 2020-06-24 12:19 UTC
Votes:5
Avg. Score:4.4 ± 0.8
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: daniel dot macdonald at designory dot com Assigned: nikic (profile)
Status: Closed Package: *Encryption and hash functions
PHP Version: 5.3.5 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: daniel dot macdonald at designory dot com
New email:
PHP Version: OS:

 

 [2011-01-14 02:59 UTC] daniel dot macdonald at designory dot com 
Description:
------------
---
From manual page: http://www.php.net/function.crypt#Return Values
---

The crypt() function, when using MD5, returns different results if the input string is all numeric.

Test script:
---------------
<?php
$salt = '$1$abcdefgh$';
$pass = '123';
$pass2 = '123a';
echo crypt($pass, $salt)."<br />\n";
echo crypt($pass, $salt)."<br /><br />\n";
echo crypt($pass2, $salt)."<br />\n";
echo crypt($pass2, $salt)."<br />\n";
?>

Expected result:
----------------
$1$abcdefgh$OTo2MhKVLtpE9bkEycLQf0
$1$abcdefgh$OTo2MhKVLtpE9bkEycLQf0

$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/

Actual result:
--------------
$1$abcdefgh$OTo2MhKVLtpE9bkEycLQf0
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0

$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-14 18:48 UTC] daniel dot macdonald at designory dot com 
Another test case producing weird results?:

code:

$salt = '$1$abcdefgh$';
$pass = '123';
for ($i=0; $i<3; $i++) {
	echo crypt($pass, $salt)."<br />\n";
}
echo crypt($pass, $salt)."<br />\n";

outputs:

$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$ohde1Lc7jN2GJjhi5UKGV0
 [2011-02-22 15:59 UTC] tomas dot brastavicius at quantum dot lt 
Could not reproduce this bug on Ubuntu 10.10, PHP 5.3.6RC1, configured with
./configure
--with-mhash \
--with-mcrypt

Actual result:
$1$abcdefgh$lYixNHkMJRqYy77zCKbOj/
$1$abcdefgh$lYixNHkMJRqYy77zCKbOj/

$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
 [2011-05-12 17:45 UTC] os at irj dot ru 
Win 7 x64
PHP 5.3.6 x86 MSVC9 (Visual C++ 2008) Thread Safety AS Apache 2.2 Module
Apache/2.2.17 x86 NO SSL

Sctipt:
<?php 
echo crypt("dev", '$1$dW0.is5.$10CH101gGOr1677ZYd517.'); 
?>

Expected Result
---------------
$1$dW0.is5.$10CH101gGOr1677ZYd517.

Actual result
-------------
FireFox 4:
$1$dW0.is5.$fELOCg/o4M4JSqjT0FAaZ1

IE 9 with meny F5 refresh actual result is
Result 1: $1$dW0.is5.$PAX1vDQNMC0Ag2U3joEb71
Result 2: $1$dW0.is5.$fELOCg/o4M4JSqjT0FAaZ1
in cycle

If I reload apache 2 service hash result are changing to some other
FF: $1$dW0.is5.$j9t0S3va.9brcE2kIILGx1
IE: $1$dW0.is5.$d2QAXWA.uqHWaY1KopvYr., $1$dW0.is5.$j9t0S3va.9brcE2kIILGx1

etc
 [2020-06-24 12:19 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2020-06-24 12:19 UTC] nikic@php.net 
Does not reproduce anymore on Ubuntu and @cmb confirmed that it does not reproduce on Windows either. I believe this has been fixed long ago.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat Jul 19 06:00:03 2025 UTC