php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53743 Crypt() returns inconsistant results on numeric strings
Submitted: 2011-01-14 02:59 UTC Modified: -
Votes:5
Avg. Score:4.4 ± 0.8
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: daniel dot macdonald at designory dot com Assigned:
Status: Open Package: *Encryption and hash functions
PHP Version: 5.3.5 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: daniel dot macdonald at designory dot com
New email:
PHP Version: OS:

 

 [2011-01-14 02:59 UTC] daniel dot macdonald at designory dot com
Description:
------------
---
From manual page: http://www.php.net/function.crypt#Return Values
---

The crypt() function, when using MD5, returns different results if the input string is all numeric.

Test script:
---------------
<?php
$salt = '$1$abcdefgh$';
$pass = '123';
$pass2 = '123a';
echo crypt($pass, $salt)."<br />\n";
echo crypt($pass, $salt)."<br /><br />\n";
echo crypt($pass2, $salt)."<br />\n";
echo crypt($pass2, $salt)."<br />\n";
?>

Expected result:
----------------
$1$abcdefgh$OTo2MhKVLtpE9bkEycLQf0
$1$abcdefgh$OTo2MhKVLtpE9bkEycLQf0

$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/

Actual result:
--------------
$1$abcdefgh$OTo2MhKVLtpE9bkEycLQf0
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0

$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-14 18:48 UTC] daniel dot macdonald at designory dot com
Another test case producing weird results?:

code:

$salt = '$1$abcdefgh$';
$pass = '123';
for ($i=0; $i<3; $i++) {
	echo crypt($pass, $salt)."<br />\n";
}
echo crypt($pass, $salt)."<br />\n";

outputs:

$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$JwVLNLvq4bwIKuyv1qm8L0
$1$abcdefgh$ohde1Lc7jN2GJjhi5UKGV0
 [2011-02-22 15:59 UTC] tomas dot brastavicius at quantum dot lt
Could not reproduce this bug on Ubuntu 10.10, PHP 5.3.6RC1, configured with
./configure
--with-mhash \
--with-mcrypt

Actual result:
$1$abcdefgh$lYixNHkMJRqYy77zCKbOj/
$1$abcdefgh$lYixNHkMJRqYy77zCKbOj/

$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
$1$abcdefgh$PiPnB9KJsYjPIXtoia0WK/
 [2011-05-12 17:45 UTC] os at irj dot ru
Win 7 x64
PHP 5.3.6 x86 MSVC9 (Visual C++ 2008) Thread Safety AS Apache 2.2 Module
Apache/2.2.17 x86 NO SSL

Sctipt:
<?php 
echo crypt("dev", '$1$dW0.is5.$10CH101gGOr1677ZYd517.'); 
?>

Expected Result
---------------
$1$dW0.is5.$10CH101gGOr1677ZYd517.

Actual result
-------------
FireFox 4:
$1$dW0.is5.$fELOCg/o4M4JSqjT0FAaZ1

IE 9 with meny F5 refresh actual result is
Result 1: $1$dW0.is5.$PAX1vDQNMC0Ag2U3joEb71
Result 2: $1$dW0.is5.$fELOCg/o4M4JSqjT0FAaZ1
in cycle

If I reload apache 2 service hash result are changing to some other
FF: $1$dW0.is5.$j9t0S3va.9brcE2kIILGx1
IE: $1$dW0.is5.$d2QAXWA.uqHWaY1KopvYr., $1$dW0.is5.$j9t0S3va.9brcE2kIILGx1

etc
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Aug 24 16:01:26 2019 UTC