php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10822 CRYPT_SALT_LENGTH == 2 even when CRYPT_MD5 available
Submitted: 2001-05-11 18:54 UTC Modified: 2001-08-04 19:54 UTC
From: jo at feuersee dot de Assigned:
Status: Closed Package: *Encryption and hash functions
PHP Version: 4.0.5 OS: Linux 2.4.4
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jo at feuersee dot de
New email:
PHP Version: OS:

 

 [2001-05-11 18:54 UTC] jo at feuersee dot de
Against the documentation, at least on Linux systems the const CRYPT_SALT_LENGTH is 2 even when the system is capable of encrypting MD5.
Most likely, this is related to bug #9177.
As stated there, I compiled php (after a make clean; rm config.cache) without openssl support, but 
<?php
printf("%d", CRYPT_SALT_LENGTH);
?>
still emits 2 (but MD5 encryption works fine).
It gets pretty complicated to maintain compatibility with former versions of PHP. This bug also causes compatibility probs when porting DBs with crypt() encrypted passwords from Linux to BSD and vice versa (MD5 ist std on most (all?) BSD platforms.
I'd like to propose the following:
CRYPT_SALT_LENGTH should be set to the longest salt the system is capable of (like it is staded in the docs).
The 4 different consts specifying the salt of a requested encryprion (eg. CRYPT_MD5) should be set to 0 (==not available) or the salt length for this kind/flavour of encryption.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-08-04 19:54 UTC] sniper@php.net
Fixed in CVS.

--Jani

 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri Jun 25 08:01:23 2021 UTC