[php-maint] Bug#572561: php5: crypt() output inconsistency between version 5.2 and 5.3

Fonso ulfonk_mennhar at gmx.de
Thu Mar 4 21:30:19 UTC 2010

Package: php5
Version: 5.3.1-5
Severity: important

The output of crypt() for certain salts has changed between version 5.2.6-1+lenny6 and 5.3.1-5
The following small test script demonstrates this:

<?php echo crypt("semmel", "1$"); ?>

With php 5.3.1-5 this results in: 1$YZfgMfg2BiI
With php 5.2.6-1+lenny6 this results in: 1$IjqLeTnxFwo

As far as I can see from the documentation at http://de.php.net/manual/en/function.crypt.php "1$" is a valid salt for standard DES.

As a side note, the same output is generated, with the following script which provides an invalid, but different, salt:

<?php echo crypt("semmel", 1); ?>

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5 depends on:
ii  libapache2-mod-php5           5.3.1-5    server-side, HTML-embedded scripti
ii  php5-common                   5.3.1-5    Common files for packages built fr

php5 recommends no packages.

php5 suggests no packages.

-- no debconf information

More information about the pkg-php-maint mailing list