php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8834 crypt() starts from not random salt
Submitted: 2001-01-22 06:05 UTC Modified: 2001-05-06 12:56 UTC
From: muhlig at us dot edu dot pl Assigned:
Status: Closed Package: *Encryption and hash functions
PHP Version: 4.0 Latest CVS (22/01/2001) OS: Solaris 2.4, 2.6
Private report: No CVE-ID: None
 [2001-01-22 06:05 UTC] muhlig at us dot edu dot pl
PHP compiled as Apache module. Look like crypt() starts from not random salt. In case of my Solaris 2.4, first crypt() call always generates string starting from "IH". In case of Solaris 2.6 it always starts from "C.". 

Looks like in every instantiation of new Apache process PHP starts crypt from the same salt value.

In the same process next crypt() calls look like they generate random strings, though. But next process restarts with the same value.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-05 14:57 UTC] sniper@php.net
This is most likely a Solaris specific issue as I can't 
reproduce this on Linux. 
Can you please include the output of this command in both
Solaris 2.4 and 2.6 (in php4):

# grep RAND main/php_config.h

It might be that in both of those system the seed generator
found is srand() which isn't so good as srandom() is.

But I also found (with google :) that srandom() might not be
that good either (in Solaris) so that leaves us with a problem. 

One solution might be that we run php_srand() in RINIT instead of MINIT when Solaris is used.

--Jani

 [2001-04-05 16:03 UTC] muhlig at us dot edu dot pl
here you are:

Solaris 2.4:

# grep RAND main/php_config.h
#define HAVE_LRAND48 1
#define HAVE_RAND_R 1
/* #undef HAVE_RANDOM */
#define HAVE_SRAND48 1
/* #undef HAVE_SRANDOM */
# uname -a
SunOS helios 5.4 Generic_101945-60 sun4d sparc
#

Solaris 2.6

# grep RAND main/php_config.h
#define HAVE_LRAND48 1
#define HAVE_RAND_R 1
#define HAVE_RANDOM 1
#define HAVE_SRAND48 1
#define HAVE_SRANDOM 1
# uname -a
SunOS uranos 5.6 Generic_105181-21 sun4u sparc SUNW,Ultra-4
#

unfortunately I'm not able to discuss the solution, although I can test the one provided :-)), thank you
 [2001-05-06 12:56 UTC] sniper@php.net
This should be fixed in CVS now. Please try it out.
Reopen if still not random..

--Jani

 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Mar 07 04:01:23 2021 UTC