PHP :: Bug #69707 :: Crypt outputs different hash depending on PHP version

Bug #69707	Crypt outputs different hash depending on PHP version
Submitted:	2015-05-25 20:01 UTC	Modified:	2015-05-25 21:40 UTC
From:	jdavis at outlook dot com	Assigned:
Status:	Not a bug	Package:	hash related
PHP Version:	Irrelevant	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2015-05-25 20:01 UTC] jdavis at outlook dot com

Description:
------------
Using the crypt function, identical code will result in an output that will vary depending on the PHP version.

Test script:
---------------
<?php

$salt = "KFtIFW1vulG5nUH3a0Mv";
$password = "testtest";

$key = '$2y$07$';
$key = $key.$salt."$"; 

echo crypt($password, $key);

?>

Expected result:
----------------
I expect the result to be the same for every version, as this function can be used for login/passwords and updating PHP can result in an unusable login.

Actual result:
--------------
An example can be seen here: http://3v4l.org/qqHUe


-Output for 5.3.7 - 5.4.41, 5.5.21 - 5.5.25, 5.6.5 - 5.6.9:
$2y$07$KFtIFW1vulG5nUH3a0Mv$.0imhrNa/laTsN0Ioj5m357/a8AxxF2q

-Output for 5.5.0 - 5.5.20, 5.6.0 - 5.6.4:
$2y$07$KFtIFW1vulG5nUH3a0Mv$e0imhrNa/laTsN0Ioj5m357/a8AxxF2q

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-05-25 20:12 UTC] jdavis at outlook dot com

-Status: Open +Status: Closed

[2015-05-25 20:12 UTC] jdavis at outlook dot com

The salt is 2 characters too short, this is causing the unexpected output.

[2015-05-25 21:40 UTC] rasmus@php.net

-Status: Closed +Status: Not a bug

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 17:01:28 2024 UTC