PHP :: Bug #69707 :: Crypt outputs different hash depending on PHP version

Bug #69707	Crypt outputs different hash depending on PHP version
Submitted:	2015-05-25 20:01 UTC	Modified:	2015-05-25 21:40 UTC
From:	jdavis at outlook dot com	Assigned:
Status:	Not a bug	Package:	hash related
PHP Version:	Irrelevant	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jdavis at outlook dot com
New email:
PHP Version:		OS:

New Comment:

[2015-05-25 20:01 UTC] jdavis at outlook dot com

Description:
------------
Using the crypt function, identical code will result in an output that will vary depending on the PHP version.

Test script:
---------------
<?php

$salt = "KFtIFW1vulG5nUH3a0Mv";
$password = "testtest";

$key = '$2y$07$';
$key = $key.$salt."$"; 

echo crypt($password, $key);

?>

Expected result:
----------------
I expect the result to be the same for every version, as this function can be used for login/passwords and updating PHP can result in an unusable login.

Actual result:
--------------
An example can be seen here: http://3v4l.org/qqHUe


-Output for 5.3.7 - 5.4.41, 5.5.21 - 5.5.25, 5.6.5 - 5.6.9:
$2y$07$KFtIFW1vulG5nUH3a0Mv$.0imhrNa/laTsN0Ioj5m357/a8AxxF2q

-Output for 5.5.0 - 5.5.20, 5.6.0 - 5.6.4:
$2y$07$KFtIFW1vulG5nUH3a0Mv$e0imhrNa/laTsN0Ioj5m357/a8AxxF2q

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-05-25 20:12 UTC] jdavis at outlook dot com

-Status: Open +Status: Closed

[2015-05-25 20:12 UTC] jdavis at outlook dot com

The salt is 2 characters too short, this is causing the unexpected output.

[2015-05-25 21:40 UTC] rasmus@php.net

-Status: Closed +Status: Not a bug

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Dec 27 03:01:28 2024 UTC