php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #15769 php-4.0 crypt("abc") != php-4.1 crypt("abc")
Submitted: 2002-02-27 19:53 UTC Modified: 2002-02-28 10:00 UTC
From: php at 8304 dot ch Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 4.1.1 OS: linux
Private report: No CVE-ID: None
View Developer Edit
 [2002-02-27 19:53 UTC] php at 8304 dot ch 
On the same system after upgrade, the result of crypt with only one arguments has another format: before (php 4.0.6) it was the standard 13 chars string, and now this md5-like hash is comming: "$1$ngOfu9A.$AoUUzzXjwxQiqKq7c2wDt1"...

Shouldn't the default behaviour of crypt() stay the same on a specific system ? This way it breaks a lots of customers scripts on the web server on upgrade, and this is *very* annoying. (no, I can't tell all people: rewrite all your scripts and use 2 args with the crypt command).

Isn't there a way to tell at compliation time: crypt() defaults to DES?  

Regards,
Olivier

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-28 02:08 UTC] sniper@php.net 
This is not a bug. Please double-check the documentation available
at http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
 [2002-02-28 02:09 UTC] sniper@php.net 
This is not a bug. Please double-check the documentation available
at http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

http://www.php.net/manual/en/function.crypt.php
 [2002-02-28 05:44 UTC] php at 8304 dot ch 
from the docs:
> If no salt is provided, PHP will auto-generate a standard > 2 character salt by default, unless the default encryption 
> type on the system is MD5, in which case a random
> MD5-compatible salt is generated.

well, the "default encryption type" on the system has not changed between upgrade from 4.0 to 4.1, so why does the crypt behaviour change on the way? I really see that as a bug, or please tell me how to revert to the "normal" crypt (DES). Saw no options in the ./configure as well... :/
 [2002-02-28 07:32 UTC] php at 8304 dot ch 
ok, found a solution : 
1. ./configure  [options]
2. edit main/php_config.h and set  PHP_MD5_CRYPT = 0
3. compile.
 [2002-02-28 09:55 UTC] edink@php.net 
The behaviour unfortunatelly did change (and its not documented). You don't have to disable MD5 like that to get regular crypt, but you would need to generate a two character salt, which would then be passed as a second argument to crypt().
 [2002-02-28 10:00 UTC] sniper@php.net 
The behaviour changed because there was a bug in the 
detection for crypt() capabilities in previous PHP versions.
Now it behaves as documented.

--Jani
 [2002-04-21 22:25 UTC] abraxes at gmx dot de 
maybe it behaves like documented, but many php scripts onley uses crypt("whatever") to crypt something. if the result is stored in a db, and the db field is limited to 11 chars, then u have fun with this new feature. if u only have your own php code on a machine, then u can change the code, but if u have many php driven sites, this will lead u into trouble, thats why i made our php 4.1.2 work like it worked before.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Feb 05 13:01:33 2025 UTC