|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41202 crypt function returns different hashes in PHP4/PHP5
Submitted: 2007-04-26 13:46 UTC Modified: 2007-04-26 15:04 UTC
From: nickmc33 at hotmail dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 5.2.1 OS: Windows Server 2003 x64 Edition
Private report: No CVE-ID: None
 [2007-04-26 13:46 UTC] nickmc33 at hotmail dot com
I'm finding that the crypt function produces different hashes on PHP4 and PHP5 systems when the second character of the salt is an underscore.

Reproduce code:
print crypt("password","x_")."<br />";
print crypt("password","xx");

Expected result:
The hashes generated should always be the same.

Actual result:
Using the test code above the first hash will be different when ran using PHP 5.2.1 and PHP 4.4.4, but the second hash will always be the same.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-04-26 13:53 UTC] nickmc33 at hotmail dot com
Test results:




 [2007-04-26 14:38 UTC]
PHP5.2 on windows returns the same result as on PHP5 & PHP4 on Linux.
So there was a problem in PHP4 on windows which eventually got fixed.
 [2007-04-26 14:55 UTC] nickmc33 at hotmail dot com
Bogus? I'd imagine that this bug still exists in the latest version of PHP4 as there's no mention of a fix in subsequent updates. The bugged version of PHP that we're runnign isn't really that old (4.4.4). We're going to have to be careful when upgrading now.
 [2007-04-26 14:56 UTC] nickmc33 at hotmail dot com
Reopened for comment.
 [2007-04-26 14:57 UTC] daveyfelton at hotmail dot com
Why on earth has this bug been marked as bogus!? Of course it's a bug! This is going to cause us so many problems when we upgrade from PHP 4 to 5, becuase all the user passwords we have stored with one way encryption based on crypt won't work anymore!
 [2007-04-26 15:04 UTC]
>This is going to cause us so many problems when we upgrade from 
>PHP 4 to 5

I said the crypt function has been FIXED.
Now it returns the same result as on Linux.
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Feb 24 14:01:27 2020 UTC