|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8834 crypt() starts from not random salt
Submitted: 2001-01-22 06:05 UTC Modified: 2001-05-06 12:56 UTC
From: muhlig at us dot edu dot pl Assigned:
Status: Closed Package: *Encryption and hash functions
PHP Version: 4.0 Latest CVS (22/01/2001) OS: Solaris 2.4, 2.6
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: muhlig at us dot edu dot pl
New email:
PHP Version: OS:


 [2001-01-22 06:05 UTC] muhlig at us dot edu dot pl
PHP compiled as Apache module. Look like crypt() starts from not random salt. In case of my Solaris 2.4, first crypt() call always generates string starting from "IH". In case of Solaris 2.6 it always starts from "C.". 

Looks like in every instantiation of new Apache process PHP starts crypt from the same salt value.

In the same process next crypt() calls look like they generate random strings, though. But next process restarts with the same value.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-05 14:57 UTC]
This is most likely a Solaris specific issue as I can't 
reproduce this on Linux. 
Can you please include the output of this command in both
Solaris 2.4 and 2.6 (in php4):

# grep RAND main/php_config.h

It might be that in both of those system the seed generator
found is srand() which isn't so good as srandom() is.

But I also found (with google :) that srandom() might not be
that good either (in Solaris) so that leaves us with a problem. 

One solution might be that we run php_srand() in RINIT instead of MINIT when Solaris is used.


 [2001-04-05 16:03 UTC] muhlig at us dot edu dot pl
here you are:

Solaris 2.4:

# grep RAND main/php_config.h
#define HAVE_LRAND48 1
#define HAVE_RAND_R 1
/* #undef HAVE_RANDOM */
#define HAVE_SRAND48 1
/* #undef HAVE_SRANDOM */
# uname -a
SunOS helios 5.4 Generic_101945-60 sun4d sparc

Solaris 2.6

# grep RAND main/php_config.h
#define HAVE_LRAND48 1
#define HAVE_RAND_R 1
#define HAVE_RANDOM 1
#define HAVE_SRAND48 1
#define HAVE_SRANDOM 1
# uname -a
SunOS uranos 5.6 Generic_105181-21 sun4u sparc SUNW,Ultra-4

unfortunately I'm not able to discuss the solution, although I can test the one provided :-)), thank you
 [2001-05-06 12:56 UTC]
This should be fixed in CVS now. Please try it out.
Reopen if still not random..


PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Dec 05 08:05:54 2022 UTC