Doc Bug #61307 hash-tiger generates a different value between 5.3/5.4
Submitted: 2012-03-06 21:33 UTC Modified: 2015-06-14 15:01 UTC
Avg. Score:3.7 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: andres at phalconphp dot com Assigned: cmb (profile)
Status: Closed Package: hash related
PHP Version: 5.4.0 OS: Irrelevant
Private report: No CVE-ID: None
 [2012-03-06 21:33 UTC] andres at phalconphp dot com
The hash generated by PHP 5.3.x is different than the one generated by 5.4.x using the hashing algorithm tiger160,3.

Test script:
PHP 5.3.x:

[#] php -v
PHP 5.3.8 (cli) (built: Feb 28 2012 10:44:41) 
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies

[#] php -r 'echo hash("tiger160,3", "1awks!4090");'

[#] php -v
PHP 5.4.1RC1-dev (cli) (built: Mar  6 2012 16:25:42) (DEBUG)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

[#] php -r 'echo hash("tiger160,3", "1awks!4090");'

Expected result:
Hash values returned must be the same for the same value between php versions


61307-patch.diff (last revision 2012-03-06 23:59 UTC by me at ktamura dot com)

 [2012-03-06 21:38 UTC] andres at phalconphp dot com
Changed OS to Irrelevant
 [2012-03-06 21:38 UTC] andres at phalconphp dot com
-Operating System: Ubuntu +Operating System: Irrelevant
 [2012-03-06 23:58 UTC] me at ktamura dot com
This is a bug in ext/hash/hash_tiger.c. It looks like there was a mistake during refactoring. I am attaching a patch.
 [2012-03-07 10:55 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

See changelog in documentation.
 [2012-03-07 10:55 UTC]
-Status: Open +Status: Not a bug
 [2012-03-07 16:22 UTC] andres at phalconphp dot com
This is quite unfortunate. We have thousands of passwords stored in the wrong hash order. It looks like we have to keep PHP 5.3 for a long time.
 [2012-03-07 18:15 UTC]
Yeah, I think we need to come up with a way to support both or else it leaves 
people without an easy way to fix those hashes. Technically I guess you can 
reconstruct it from the raw by flipping the bytes, but that is rather error-
 [2012-03-07 19:40 UTC] me at ktamura dot com
Thanks Mike. I should have read the commit message first. Sorry for the false allegation.
 [2012-03-08 17:26 UTC]
Sorry folks, here's a one-liner to re-create pre-PHP-5.4 hashes:

implode("", array_map("bin2hex", array_map("strrev", 
str_split(hash("tiger192,3", $input, true), 8))));

Truncate the result to the length you need (128,160,192 bits).  Make sure every 
array value is 16 hex digits long or else lpad it with literal 0s.

If you used 192 bit tiger, you can use the following one-liner to create correct 
hashes from the wrong ones:

implode("", array_map("bin2hex", array_map("strrev", array_map("hex2bin", 
 [2012-03-08 17:39 UTC]
-Type: Bug +Type: Documentation Problem
 [2012-03-08 21:16 UTC] andres at phalconphp dot com
Thanks Mike and Rasmus for all your great help!
 [2012-03-09 08:49 UTC]
Here's something for the documentation team:

/* calculate pre-php-5.4 tiger hashes with php-5.4 */
function old_tiger($data = "", $width=192, $rounds = 3) {
    return substr(
        implode(array_map(
                /* hex-encode one 8-byte word of the digest with its bytes reversed */
                function ($h) {
                    return str_pad(bin2hex(strrev($h)), 16, "0");
                },
                str_split(hash("tiger192,$rounds", $data, true), 8)
        )),
        0, 48-(192-$width)/4
    );
}
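The byte-order conversion discussed in the comments above, as an added example that is not part of the original report or of the PHP documentation. It goes slightly beyond the one-liners: stored 128- and 192-bit digests can be converted in place, while a 160-bit digest (the case in this report) ends in half a word and has to be checked against both byte orders from the original input. The function names legacy_tiger, legacy_to_current and tiger_matches are hypothetical; hex2bin() needs PHP 5.4 and hash_equals() needs PHP 5.6.

```php
<?php
// Added example; function names are hypothetical, not from the report.

/* Pre-5.4 digest of $data: each 8-byte word of tiger192 byte-reversed, then truncated. */
function legacy_tiger($data, $width = 192, $rounds = 3) {
    $words = str_split(hash("tiger192,$rounds", $data, true), 8);
    return substr(bin2hex(implode("", array_map("strrev", $words))), 0, $width / 4);
}

/*
 * Convert a stored pre-5.4 hex digest to the 5.4+ byte order without the input.
 * Only possible when the digest is made of whole 8-byte words (128 or 192 bits).
 * A 160-bit digest ends in half a word whose other bytes were truncated away,
 * so null is returned and the value must be re-hashed from the original input.
 */
function legacy_to_current($hex) {
    if (!ctype_xdigit($hex) || strlen($hex) % 16 !== 0) {
        return null;
    }
    $words = str_split(hex2bin($hex), 8);
    return bin2hex(implode("", array_map("strrev", $words)));
}

/* Check $data against a stored digest in either byte order (needed for 160 bits). */
function tiger_matches($data, $storedHex, $width = 160, $rounds = 3) {
    $stored = strtolower($storedHex);
    $current = hash("tiger$width,$rounds", $data);
    return hash_equals($current, $stored)
        || hash_equals(legacy_tiger($data, $width, $rounds), $stored);
}

// Constructed sample run, using the input string from the report.
$input = "1awks!4090";
foreach (array(128, 160, 192) as $width) {
    $old = legacy_tiger($input, $width);
    $converted = legacy_to_current($old);
    printf("tiger%d,3: convertible in place: %s, equals 5.4 hash: %s, verifies: %s\n",
        $width,
        $converted === null ? "no" : "yes",
        $converted === hash("tiger$width,3", $input) ? "yes" : "n/a",
        tiger_matches($input, $old, $width) ? "yes" : "no");
}
```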
 [2012-03-09 08:51 UTC]
-Status: Not a bug +Status: Open
 [2012-03-09 08:51 UTC]
The doc team would probably not notice a "not a bug" bug ;)
 [2015-06-14 15:00 UTC]
Automatic comment from SVN on behalf of cmb
Log: added example regarding changed byte-order of tiger hashes as of PHP 5.4 (fixes #61307)
 [2015-06-14 15:01 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2015-06-14 15:01 UTC]
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.