php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #61307 hash-tiger generates a different value between 5.3/5.4
Submitted: 2012-03-06 21:33 UTC Modified: 2015-06-14 15:01 UTC
Votes:3
Avg. Score:3.7 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: andres at phalconphp dot com Assigned: cmb (profile)
Status: Closed Package: hash related
PHP Version: 5.4.0 OS: Irrelevant
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: andres at phalconphp dot com
New email:
PHP Version: OS:

 

 [2012-03-06 21:33 UTC] andres at phalconphp dot com 
Description:
------------
The hash generated by PHP 5.3.x is diferent than the generated by 5.4.x using the hashing algorithm tiger160,3





Test script:
---------------
PHP 5.3.x:

[#] php -v
PHP 5.3.8 (cli) (built: Feb 28 2012 10:44:41) 
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies

[#] php -r 'echo hash("tiger160,3", "1awks!4090");'
f8d2f5f634cc0ec4f495ac1aeb45010e90e310a3

[#] php -v
PHP 5.4.1RC1-dev (cli) (built: Mar  6 2012 16:25:42) (DEBUG)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

[#] php -r 'echo hash("tiger160,3", "1awks!4090");'
c40ecc34f6f5d2f80e0145eb1aac95f43045295d


Expected result:
----------------
Hash values returned must be the same for the same value between php versions

Patches

61307-patch.diff (last revision 2012-03-06 23:59 UTC by me at ktamura dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-03-06 21:38 UTC] andres at phalconphp dot com 
Changed OS to Irrelevant
 [2012-03-06 21:38 UTC] andres at phalconphp dot com
-Operating System: Ubuntu +Operating System: Irrelevant
 [2012-03-06 23:58 UTC] me at ktamura dot com 
This is a bug in ext/hash/hash_tiger.c It looks like there was a mistake during refactoring. I am attaching a patch.
 [2012-03-07 10:55 UTC] mike@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

See changelog in documentation.
 [2012-03-07 10:55 UTC] mike@php.net
-Status: Open +Status: Not a bug
 [2012-03-07 16:22 UTC] andres at phalconphp dot com 
This is quite unfortunate, We have thousand of passwords stored in the wrong hash order. It looks like we have to keep PHP 5.3 for a long time.
 [2012-03-07 18:15 UTC] rasmus@php.net 
Yeah, I think we need to come up with a way to support both or else it leaves 
people without an easy way to fix those hashes. Technically I guess you can 
reconstruct it from the raw by flipping the bytes, but that is rather error-
prone.
 [2012-03-07 19:40 UTC] me at ktamura dot com 
Thanks mike. I should have read the commit message first. Sorry for the false allegation.
 [2012-03-08 17:26 UTC] mike@php.net 
Sorry folks, here's a one-liner to re-create pre-PHP-5.4 hashes:

implode("", array_map("bin2hex", array_map("strrev", 
str_split(hash("tiger192,3", $input, true), 8))));

Truncate the result to the length you need (128,160,192 bits).  Make sure every 
array value is 16 hex digits long or else lpad it with literal 0s.

If you used 192 bit tiger, you can use the following one-liner to create correct 
hashes from the wrong ones:

implode("", array_map("bin2hex", array_map("strrev", array_map("hex2bin", 
str_split($wronghash,16)))));
 [2012-03-08 17:39 UTC] mike@php.net
-Type: Bug +Type: Documentation Problem
 [2012-03-08 21:16 UTC] andres at phalconphp dot com 
Thanks Mike and Rasmus for all your great help!
 [2012-03-09 08:49 UTC] mike@php.net 
Here's something for the documentation team:

/* calculate pre-php-5.4 tiger hashes with php-5.4 */
function old_tiger($data = "", $width=192, $rounds = 3) {
    return substr(
        implode(
            array_map(
                function ($h) {
                    return str_pad(bin2hex(strrev($h)), 16, "0");
                },
                str_split(hash("tiger192,$rounds", $data, true), 8)
            )
        ),
        0, 48-(192-$width)/4
    );
}
 [2012-03-09 08:51 UTC] mike@php.net
-Status: Not a bug +Status: Open
 [2012-03-09 08:51 UTC] mike@php.net 
The doc team would probably not notice an "not a bug" bug ;)
 [2015-06-14 15:00 UTC] cmb@php.net 
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&revision=336947
Log: added example regarding changed byte-order of tiger hashes as of PHP 5.4 (fixes #61307)
 [2015-06-14 15:01 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2015-06-14 15:01 UTC] cmb@php.net 
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 18:01:28 2024 UTC