|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2012-07-02 05:12 UTC] smt837784 at yahoo dot com
[2012-07-02 05:26 UTC] rasmus@php.net
-Status: Open
+Status: Not a bug
[2012-07-02 05:26 UTC] rasmus@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Mon Oct 27 17:00:01 2025 UTC |
Description: ------------ The documentation states, that the salt for bcrypt hashing requires 22 characters. You do actually need to provide 22 Characters, however the last character is (partially) ignored and not appended to the salt in the encrypted password. It seems that it is not a complete ingorance, however. Apparently the characters a-e produce the same results, as do the characters f-z and A-Z. This doesn't seem right.... Test script: --------------- // More than 22 Characters will be trimmed echo crypt('Test','$2a$09$alongstringwithmanycharacters'); // $2a$09$alongstringwithmanychOw5ylWHc1konZ7sxrgs2HrhMWZdgvW0W // 21 Characters -> Error echo crypt('Test','$2a$09$alongstringwithmanych'); // *0 // 22 Characters -> Works, notice how the last char isn't shown in the pw echo crypt('Test','$2a$09$alongstringwithmanycha'); // $2a$09$alongstringwithmanychOw5ylWHc1konZ7sxrgs2HrhMWZdgvW0W // 22 Characters -> Different salt, same result! The last char is required but ignored echo crypt('Test','$2a$09$alongstringwithmanychb'); // $2a$09$alongstringwithmanychOw5ylWHc1konZ7sxrgs2HrhMWZdgvW0W