[php-maint] Bug#572601: Bug#572561: php5: crypt() output inconsistency between version 5.2 and 5.3

Ondřej Surý ondrej at debian.org
Tue Mar 9 13:38:20 UTC 2010


On Tue, Mar 9, 2010 at 14:27, fonsinchen <ulfonk_mennhar at gmx.de> wrote:
> Ondřej Surý wrote:
>> I just checked ext/standard/config.m4 in 5.3.2 and it contains this code:
> [...]
>
> We're definitely talking about standard DES in both versions.

I know. I have listed a reason why PHP uses its own crypt
function implementation.

> Giving a 2
> character salt should make it use standard DES. Also the length and format of
> the output hints at that. The output from php 5.2 should be the same as the
> output from php 5.3, at least for valid salts. If it isn't, there should at least
> be an explanation for that behaviour somewhere and possibly a workaround. Mind
> that the crypt() function is frequently used for validating passwords.

The reason why it fails is that from php 5.3.0 there is a new
"portable" re-implementation of the crypt function which is used when any
of the supported crypt functions is not found.

Ondrej
-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/




