|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69707 Crypt outputs different hash depending on PHP version
Submitted: 2015-05-25 20:01 UTC Modified: 2015-05-25 21:40 UTC
From: jdavis at outlook dot com Assigned:
Status: Not a bug Package: hash related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: jdavis at outlook dot com
New email:
PHP Version: OS:


 [2015-05-25 20:01 UTC] jdavis at outlook dot com
Using the crypt function, identical code will result in an output that will vary depending on the PHP version.

Test script:

$salt = "KFtIFW1vulG5nUH3a0Mv";
$password = "testtest";

$key = '$2y$07$';
$key = $key.$salt."$"; 

echo crypt($password, $key);


Expected result:
I expect the result to be the same for every version, as this function can be used for login/passwords and updating PHP can result in an unusable login.

Actual result:
An example can be seen here:

-Output for 5.3.7 - 5.4.41, 5.5.21 - 5.5.25, 5.6.5 - 5.6.9:

-Output for 5.5.0 - 5.5.20, 5.6.0 - 5.6.4:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-25 20:12 UTC] jdavis at outlook dot com
-Status: Open +Status: Closed
 [2015-05-25 20:12 UTC] jdavis at outlook dot com
The salt is 2 characters too short, this is causing the unexpected output.
 [2015-05-25 21:40 UTC]
-Status: Closed +Status: Not a bug
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sat Jan 29 01:03:36 2022 UTC