[Bug 1046330] [NEW] Incorrect crypt() function behavior
Sergei Morozov
morozov at tut.by
Wed Sep 5 13:51:38 UTC 2012
Public bug reported:
The CRYPT_EXT_DES algorithm seems to be enabled but not used for
encryption.
The test is:
php -r "echo 'CRYPT_EXT_DES: ', CRYPT_EXT_DES, PHP_EOL, crypt(md5('my passw0rd'), '_.012saltIO.319ikKPU'), PHP_EOL;"
Expected output (depending on whether CRYPT_EXT_DES is enabled):
> CRYPT_EXT_DES: 1
> _.012saltIO.319ikKPU
OR
> CRYPT_EXT_DES: 0
> _.msUWmoj85W6
Actual output:
> CRYPT_EXT_DES: 1
> _.msUWmoj85W6
…which correstponds to standard DES encryption:
php -r "echo 'CRYPT_STD_DES: ', CRYPT_STD_DES, PHP_EOL, crypt(md5('my passw0rd'), '_.012saltIO.319ikKPU'), PHP_EOL;"
> CRYPT_STD_DES: 1
> _.msUWmoj85W6
lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
$ apt-cache policy php5
php5:
Installed: 5.3.10-1ubuntu3.2
Candidate: 5.3.10-1ubuntu3.2
Version table:
*** 5.3.10-1ubuntu3.2 0
500 http://by.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
100 /var/lib/dpkg/status
5.3.10-1ubuntu3 0
500 http://by.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
** Affects: php5 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1046330
Title:
Incorrect crypt() function behavior
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1046330/+subscriptions
More information about the Ubuntu-server-bugs
mailing list