|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15769 php-4.0 crypt("abc") != php-4.1 crypt("abc")
Submitted: 2002-02-27 19:53 UTC Modified: 2002-02-28 10:00 UTC
From: php at 8304 dot ch Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 4.1.1 OS: linux
Private report: No CVE-ID: None
 [2002-02-27 19:53 UTC] php at 8304 dot ch
On the same system after upgrade, the result of crypt with only one arguments has another format: before (php 4.0.6) it was the standard 13 chars string, and now this md5-like hash is comming: "$1$ngOfu9A.$AoUUzzXjwxQiqKq7c2wDt1"...

Shouldn't the default behaviour of crypt() stay the same on a specific system ? This way it breaks a lots of customers scripts on the web server on upgrade, and this is *very* annoying. (no, I can't tell all people: rewrite all your scripts and use 2 args with the crypt command).

Isn't there a way to tell at compliation time: crypt() defaults to DES?  



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-28 02:08 UTC]
This is not a bug. Please double-check the documentation available
at and the instructions on how to report
a bug at

 [2002-02-28 02:09 UTC]
This is not a bug. Please double-check the documentation available
at and the instructions on how to report
a bug at
 [2002-02-28 05:44 UTC] php at 8304 dot ch
from the docs:
> If no salt is provided, PHP will auto-generate a standard > 2 character salt by default, unless the default encryption 
> type on the system is MD5, in which case a random
> MD5-compatible salt is generated.

well, the "default encryption type" on the system has not changed between upgrade from 4.0 to 4.1, so why does the crypt behaviour change on the way? I really see that as a bug, or please tell me how to revert to the "normal" crypt (DES). Saw no options in the ./configure as well... :/
 [2002-02-28 07:32 UTC] php at 8304 dot ch
ok, found a solution : 
1. ./configure  [options]
2. edit main/php_config.h and set  PHP_MD5_CRYPT = 0
3. compile.
 [2002-02-28 09:55 UTC]
The behaviour unfortunatelly did change (and its not documented). You don't have to disable MD5 like that to get regular crypt, but you would need to generate a two character salt, which would then be passed as a second argument to crypt().

 [2002-02-28 10:00 UTC]
The behaviour changed because there was a bug in the 
detection for crypt() capabilities in previous PHP versions.
Now it behaves as documented.


 [2002-04-21 22:25 UTC] abraxes at gmx dot de
maybe it behaves like documented, but many php scripts onley uses crypt("whatever") to crypt something. if the result is stored in a db, and the db field is limited to 11 chars, then u have fun with this new feature. if u only have your own php code on a machine, then u can change the code, but if u have many php driven sites, this will lead u into trouble, thats why i made our php 4.1.2 work like it worked before.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Aug 03 21:01:24 2020 UTC