Bug #50052 Crypt - Different Hashes on Windows and Linux on wrong Salt size
Submitted: 2009-11-02 02:39 UTC Modified: 2009-11-02 20:47 UTC
From: otaviodiniz at gmail dot com Assigned: pajoye (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3.0 OS: Windows 7
Private report: No CVE-ID: None
 [2009-11-02 02:39 UTC] otaviodiniz at gmail dot com
The behavior of the crypt function on Windows and Linux boxes is different.
In the sample function we create a Salt with length of 12 characters.

First, the Salt size is incorrect; if I remove one character from the Salt, the result will be correct.

But with the wrong Salt size the behavior is different:

On Windows - The output is incorrect, as it shows the whole Salt without the terminator $...

On Linux - PHP strips one character of the Salt to its correct expected size, outputting correctly with the terminator $...

Reproduce code:

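function md5crypt($password)
{
  // Assumed reconstruction: the salt-building lines are missing from the archived report
  $salt = '$1$';
  for($i=0; $i<9; $i++)
    $salt .= chr(mt_rand(97, 122)); // assumed character source
  $salt .= '$';
  echo "<pre>";
  echo "Salt:   ".$salt."<br />\r\n";
  echo "Output: ".crypt($password,$salt);
  echo "</pre>";
}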

Expected result:
Salt:   $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.

Actual result:
Salt:   $1$XcPmtBmRG$
Output: $1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0


 [2009-11-02 09:46 UTC]
Cannot reproduce:

g:\php-sdk\php53\vc9\x8\php53>\test\php52ntssnap\php.exe ..\50052.php

Salt:   $1$f+uslYF01$
Output: $1$f+uslYF0$orVloNmKSLvOeswusE0bY.

Please try using VC9-x86 binaries,
 [2009-11-02 09:59 UTC]
Forgot to copy 5.3 output as well:

g:\php-sdk\php53\vc9\x86\php53>..\obj\Debug\php.exe ..\50052.php
Salt:   $1$f+uslYF01$
Output: $1$f+uslYF01orVloNmKSLvOeswusE0bY.

 [2009-11-02 13:57 UTC] otaviodiniz at gmail dot com
As you can see, the outputs are different in 5.2 and 5.3 near 0$or 01or.
 [2009-11-02 20:46 UTC]
Automatic comment from SVN on behalf of pajoye
Log: - Fixed #50052, Different Hashes on Windows and Linux on wrong Salt size
 [2009-11-02 20:47 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

 [2011-04-07 12:15 UTC] catalin at aceora dot com
In what version of PHP was this implemented?
I call the crypt function from two PCs, with two different PHP versions, and I get two separate results.
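
The salt handling discussed in this report, as an added example (not part of the original report and not PHP's own code): it clamps an MD5-crypt salt before it reaches crypt() and flags stored hashes that lack the salt terminator. The helper names normalize_md5_salt and is_wellformed_md5_crypt are hypothetical, the layout check ($1$, up to 8 salt characters, $, 22 hash characters) is an assumption, and the sample strings are the ones quoted in the comments above.

```php
<?php
// Added example; helper names are hypothetical, not part of PHP.

// Clamp an MD5-crypt salt argument to "$1$" + at most 8 salt chars + "$".
function normalize_md5_salt(string $salt): ?string
{
    if (strncmp($salt, '$1$', 3) !== 0) {
        return null; // not an MD5-crypt salt
    }
    $field = substr($salt, 3);
    $end = strpos($field, '$');
    if ($end !== false) {
        $field = substr($field, 0, $end); // salt ends at the terminator
    }
    return '$1$' . substr($field, 0, 8) . '$';
}

// Assumed layout check: $1$ + up to 8 non-"$" chars + $ + 22 hash chars.
function is_wellformed_md5_crypt(string $hash): bool
{
    return preg_match('~^\$1\$[^$]{0,8}\$[./0-9A-Za-z]{22}$~D', $hash) === 1;
}

// Strings quoted in the report above.
$reported = [
    'expected result' => '$1$f+uslYF0$orVloNmKSLvOeswusE0bY.',
    '5.3 debug build' => '$1$f+uslYF01orVloNmKSLvOeswusE0bY.',
    'actual result'   => '$1$XcPmtBmRGuM82Sm1HMy0I0lX0P3nAd0',
];
foreach ($reported as $label => $hash) {
    printf("%-16s %s  %s\n", $label, $hash,
        is_wellformed_md5_crypt($hash) ? 'well-formed' : 'malformed');
}

// The 12-character salt from the report, clamped before it reaches crypt().
echo normalize_md5_salt('$1$f+uslYF01$'), "\n";
```

Running the layout check over a credential table shows which rows were written by a build that kept the over-long salt; those rows only verify on a build with the same behavior.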

