php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41202 crypt function returns different hashes in PHP4/PHP5
Submitted: 2007-04-26 13:46 UTC Modified: 2007-04-26 15:04 UTC
From: nickmc33 at hotmail dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 5.2.1 OS: Windows Server 2003 x64 Edition
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: nickmc33 at hotmail dot com
New email:
PHP Version: OS:

 

 [2007-04-26 13:46 UTC] nickmc33 at hotmail dot com
Description:
------------
I'm finding that the crypt function produces different hashes on PHP4 and PHP5 systems when the second character of the salt is an underscore.







Reproduce code:
---------------
<?php
print crypt("password","x_")."<br />";
print crypt("password","xx");
?>

Expected result:
----------------
The hashes generated should always be the same.

Actual result:
--------------
Using the test code above the first hash will be different when ran using PHP 5.2.1 and PHP 4.4.4, but the second hash will always be the same.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-04-26 13:53 UTC] nickmc33 at hotmail dot com
Test results:

PHP4:

x_JPQON7N9.Ls
xxj31ZMTZzkVA

PHP5:

x_961N.JoN.jw
xxj31ZMTZzkVA
 [2007-04-26 14:38 UTC] tony2001@php.net
PHP5.2 on windows returns the same result as on PHP5 & PHP4 on Linux.
So there was a problem in PHP4 on windows which eventually got fixed.
 [2007-04-26 14:55 UTC] nickmc33 at hotmail dot com
Bogus? I'd imagine that this bug still exists in the latest version of PHP4 as there's no mention of a fix in subsequent updates. The bugged version of PHP that we're runnign isn't really that old (4.4.4). We're going to have to be careful when upgrading now.
 [2007-04-26 14:56 UTC] nickmc33 at hotmail dot com
Reopened for comment.
 [2007-04-26 14:57 UTC] daveyfelton at hotmail dot com
Why on earth has this bug been marked as bogus!? Of course it's a bug! This is going to cause us so many problems when we upgrade from PHP 4 to 5, becuase all the user passwords we have stored with one way encryption based on crypt won't work anymore!
 [2007-04-26 15:04 UTC] tony2001@php.net
>This is going to cause us so many problems when we upgrade from 
>PHP 4 to 5

I said the crypt function has been FIXED.
Now it returns the same result as on Linux.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Thu Jun 21 18:01:52 2018 UTC