PHP :: Bug #64745 :: hash_pbkdf2() truncates data when using default length and hex output

Bug #64745	hash_pbkdf2() truncates data when using default length and hex output
Submitted:	2013-05-01 00:18 UTC	Modified:	2013-05-15 13:06 UTC
From:	ezzatron at gmail dot com	Assigned:	ircmaxell (profile)
Status:	Closed	Package:	hash related
PHP Version:	5.5.0beta4	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ezzatron at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2013-05-01 00:18 UTC] ezzatron at gmail dot com

Description:
------------
When passing 0 as the length to hash_pbkdf2(), the behaviour is inconsistent 
between raw output and hex-encoded output. See the test script for a concrete 
example.

There are also no tests for the use case where length is defaulted in the current 
test suite (http://bit.ly/YcgMMu).

I'm attempting to write a compatibility library for this function for PHP versions 
earlier that 5.5, so the test suite for https://github.com/eloquent/pbkdf2-compat 
and its build history in Travis CI may also be useful, as it documents the current 
behaviour more extensively.

Test script:
---------------
<?php

$hash = hash_pbkdf2('sha1', 'password', 'salt', 1, 0);
$rawHash = hash_pbkdf2('sha1', 'password', 'salt', 1, 0, true);

var_dump($hash);
var_dump(bin2hex($rawHash));

Expected result:
----------------
string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6"
string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6"

Actual result:
--------------
string(20) "0c60c80f961f0e71f3a9"
string(40) "0c60c80f961f0e71f3a9b524af6012062fe037a6"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-05-15 12:54 UTC] dsp@php.net

-Assigned To: +Assigned To: ircmaxell

[2013-05-15 13:06 UTC] ircmaxell@php.net

Ahh, very interesting find. Will confirm, write a test case, and push a fix for it 
later today.

Thanks for the report!

[2013-05-28 19:44 UTC] ircmaxell@php.net

-Status: Assigned +Status: Closed

[2013-05-28 19:44 UTC] ircmaxell@php.net

Automatic comment on behalf of ircmaxell@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=540a5a52e89fce6da19d6f79dd1eda587a25b396
Log: Fix #64745 hash_pbkdf2 truncation issue

[2013-11-17 09:31 UTC] laruence@php.net

Automatic comment on behalf of ircmaxell@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=540a5a52e89fce6da19d6f79dd1eda587a25b396
Log: Fix #64745 hash_pbkdf2 truncation issue

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Nov 23 07:01:29 2024 UTC