-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypt-blowfish returns *0 rather than hash #7420
Comments
I see the cause, will put up a diff tomorrow. |
Thanks @Orvid I look forward to the fix. |
Hrmmm... It actually looks like PHP 7 actually changed this behavior: https://3v4l.org/5tIPh The key that's being provided says it's blowfish (the The behavior of getting a hash back is the result of it falling back to DES in that case, which php/php-src@4a2fe3d changed. |
@Orvid since the behavior has changed in PHP 7, maybe this issue can be closed as a "won't fix". From our end it causes a failure in our old password encryption method which was replaced with the newer PHP password hash. The old method is only implemented as a bc for upgrades in the 3.x versions and has been dropped in 4.0-dev. Thoughts? |
@Orvid I've run into another issue with this. Apparently, if there is a case needing to verify a crypt() hashed text it will fail. example code $password = 'mySuperSecretPassword';
$hash = '$2xzaiMREaf7o';
$valid = hash_equals(crypt($password, $hash), $hash);
if ($valid === true)
{
echo "OK\n"; // This is the expected result
}
else
{
echo "Not OK\n"; // This is a Failure
} Note in php 7.0-7.1 the result is OK with a notice about |
Still an issue in HHVM 3.19.0 also differs from PHP 7 @Orvid please add the |
closing as per https://hhvm.com/blog/2017/09/18/the-future-of-hhvm.html |
Expected this issue to have been fixed as noted in #1071
Still getting *0 as return
HHVM Version
3.15.2
3.16.0-dev
Standalone code, or other way to reproduce the problem
More test code from https://github.com/facebook/hhvm/blob/master/hphp/test/zend/bad/ext/standard/tests/strings/crypt_blowfish_variation2.php
https://3v4l.org/GOZIG
Expected result
a hash of length 13 should be returned from
crypt()
Actual result
return is just
*0
a value indicating a failureThe text was updated successfully, but these errors were encountered: