[php-maint] Bug#623220: Bug#623220: php5: crypt() function with empty salt returns empty string
Ondřej Surý
ondrej at debian.org
Mon Apr 18 14:25:04 UTC 2011
forcemerge 581170 623220
found 581170 5.3.3-7+squeeze1
tag 581170 +squeeze
thank you
On Mon, Apr 18, 2011 at 15:04, Michael Neubert
<debian at michael-neubert.de> wrote:
> Package: php5
> Version: 5.3.3-7+squeeze1
> Severity: normal
>
>
> Since Debian Squeeze the behaviour of the crypt() function changed.
> With an empty second argument (salt), the result is always an empty string
> instead of a hash string (see documentation for the crypt() function).
The documentation says:
> "An optional salt string to base the hashing on. If not provided, the behaviour is defined by the algorithm implementation and can lead to unexpected results. "
There is nothing wrong about returning empty string (aka unexpected
result) - which hashing do you want anyway?
However this has been fixed in the current unstable + testing by
generating SHA512 salt+hash, but I don't think the bug is serious
enough to include fix for this in the stable updates, since the
function behaves according to a documentation.
I am merging this bug and marking it as affecting the squeeze release.
O.
--
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/
More information about the pkg-php-maint
mailing list