php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #61307 hash-tiger generates a different value between 5.3/5.4
Submitted: 2012-03-06 21:33 UTC Modified: 2015-06-14 15:01 UTC
Votes:3
Avg. Score:3.7 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: andres at phalconphp dot com Assigned: cmb (profile)
Status: Closed Package: hash related
PHP Version: 5.4.0 OS: Irrelevant
Private report: No CVE-ID: None
 [2012-03-06 21:33 UTC] andres at phalconphp dot com
Description:
------------
The hash generated by PHP 5.3.x is diferent than the generated by 5.4.x using the hashing algorithm tiger160,3





Test script:
---------------
PHP 5.3.x:

[#] php -v
PHP 5.3.8 (cli) (built: Feb 28 2012 10:44:41) 
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies

[#] php -r 'echo hash("tiger160,3", "1awks!4090");'
f8d2f5f634cc0ec4f495ac1aeb45010e90e310a3

[#] php -v
PHP 5.4.1RC1-dev (cli) (built: Mar  6 2012 16:25:42) (DEBUG)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

[#] php -r 'echo hash("tiger160,3", "1awks!4090");'
c40ecc34f6f5d2f80e0145eb1aac95f43045295d


Expected result:
----------------
Hash values returned must be the same for the same value between php versions


Patches

61307-patch.diff (last revision 2012-03-06 23:59 UTC by me at ktamura dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-06 21:38 UTC] andres at phalconphp dot com
Changed OS to Irrelevant
 [2012-03-06 21:38 UTC] andres at phalconphp dot com
-Operating System: Ubuntu +Operating System: Irrelevant
 [2012-03-06 23:58 UTC] me at ktamura dot com
This is a bug in ext/hash/hash_tiger.c It looks like there was a mistake during refactoring. I am attaching a patch.
 [2012-03-07 10:55 UTC] mike@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

See changelog in documentation.
 [2012-03-07 10:55 UTC] mike@php.net
-Status: Open +Status: Not a bug
 [2012-03-07 16:22 UTC] andres at phalconphp dot com
This is quite unfortunate, We have thousand of passwords stored in the wrong hash order. It looks like we have to keep PHP 5.3 for a long time.
 [2012-03-07 18:15 UTC] rasmus@php.net
Yeah, I think we need to come up with a way to support both or else it leaves 
people without an easy way to fix those hashes. Technically I guess you can 
reconstruct it from the raw by flipping the bytes, but that is rather error-
prone.
 [2012-03-07 19:40 UTC] me at ktamura dot com
Thanks mike. I should have read the commit message first. Sorry for the false allegation.
 [2012-03-08 17:26 UTC] mike@php.net
Sorry folks, here's a one-liner to re-create pre-PHP-5.4 hashes:

implode("", array_map("bin2hex", array_map("strrev", 
str_split(hash("tiger192,3", $input, true), 8))));

Truncate the result to the length you need (128,160,192 bits).  Make sure every 
array value is 16 hex digits long or else lpad it with literal 0s.

If you used 192 bit tiger, you can use the following one-liner to create correct 
hashes from the wrong ones:

implode("", array_map("bin2hex", array_map("strrev", array_map("hex2bin", 
str_split($wronghash,16)))));
 [2012-03-08 17:39 UTC] mike@php.net
-Type: Bug +Type: Documentation Problem
 [2012-03-08 21:16 UTC] andres at phalconphp dot com
Thanks Mike and Rasmus for all your great help!
 [2012-03-09 08:49 UTC] mike@php.net
Here's something for the documentation team:

/* calculate pre-php-5.4 tiger hashes with php-5.4 */
function old_tiger($data = "", $width=192, $rounds = 3) {
    return substr(
        implode(
            array_map(
                function ($h) {
                    return str_pad(bin2hex(strrev($h)), 16, "0");
                },
                str_split(hash("tiger192,$rounds", $data, true), 8)
            )
        ),
        0, 48-(192-$width)/4
    );
}
 [2012-03-09 08:51 UTC] mike@php.net
-Status: Not a bug +Status: Open
 [2012-03-09 08:51 UTC] mike@php.net
The doc team would probably not notice an "not a bug" bug ;)
 [2015-06-14 15:00 UTC] cmb@php.net
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&revision=336947
Log: added example regarding changed byte-order of tiger hashes as of PHP 5.4 (fixes #61307)
 [2015-06-14 15:01 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2015-06-14 15:01 UTC] cmb@php.net
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Wed Oct 16 18:01:27 2019 UTC