[php-maint] Bug#623220: Bug#623220: php5: crypt() function with empty salt returns empty string

Ondřej Surý ondrej at debian.org
Mon Apr 18 14:25:04 UTC 2011

forcemerge 581170 623220
found 581170 5.3.3-7+squeeze1
tag 581170 +squeeze
thank you

On Mon, Apr 18, 2011 at 15:04, Michael Neubert
<debian at michael-neubert.de> wrote:
> Package: php5
> Version: 5.3.3-7+squeeze1
> Severity: normal
> Since Debian Squeeze the behaviour of the crypt() function changed.
> With an empty second argument (salt), the result is always an empty string
> instead of a hash string (see documentation for the crypt() function).

The documentation says:

> "An optional salt string to base the hashing on. If not provided, the behaviour is defined by the algorithm implementation and can lead to unexpected results. "

There is nothing wrong about returning empty string (aka unexpected
result) - which hashing do you want anyway?

However this has been fixed in the current unstable + testing by
generating SHA512 salt+hash, but I don't think the bug is serious
enough to include fix for this in the stable updates, since the
function behaves according to a documentation.

I am merging this bug and marking it as affecting the squeeze release.

Ondřej Surý <ondrej at sury.org>

More information about the pkg-php-maint mailing list