php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79847 crypt/sha512 with rounds<1000 returns failure
Submitted: 2020-07-13 12:00 UTC Modified: 2020-07-13 12:45 UTC
From: sjon@php.net Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 8.0.0alpha2 OS: archLinux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: sjon@php.net
New email:
PHP Version: OS:

 

 [2020-07-13 12:00 UTC] sjon@php.net 
Description:
------------
running crypt using sha512 with rounds<1000 (the minimum) is documented (and previously would) as being equal to specifying rounds=1000. However, starting with alpha2 it instead returns the error string *0

Originally found as https://3v4l.org/o5qVS

Test script:
---------------
echo 'SHA-512:      ' . crypt('salasana', '$6$rounds=10$qNElXs2yMnL2.GNS3kiM7DqmGbFLdQfIwu2691aJgT3xgJazPLtw7RPKz3Dp8RIc4b5fmJ7qvlq/mPN8a.rE40') . "\n";


Expected result:
----------------
SHA-512:      $6$rounds=1000$qNElXs2yMnL2.GNS$/q7trYkbKkoJernsumbObt2IysdXGRx/ytFaG0HBC97rHHhYRQvUcyEuRHP6h5yj8V.fH7XKEw5hjofVmYONw1

Actual result:
--------------
SHA-512:      *0

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-13 12:42 UTC] sjon@php.net 
this isn't necessarily rounds related, for example https://3v4l.org/mrEHA also fails
 [2020-07-13 12:45 UTC] nikic@php.net
-Status: Open +Status: Not a bug
 [2020-07-13 12:45 UTC] nikic@php.net 
Intentional change to align with glibc behavior, now documented with https://github.com/php/php-src/commit/0cab3fa10eb1a2d15a2c27fe879c1c0398b7245a.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 01 10:01:35 2025 UTC