2

I’m having a problem in encryption using PHP crypt

Following is my code :

echo $ret = crypt('Dave@123','$2y$10$XLLl50bLyTWfjcvCAxwGRu/px2Q.LXN0fHpD1KN2CQCMx/tpL1V62');

1) When using crypt in PHP Version 5.4.22 It results:

 $2y$10$XLLl50bLyTWfjcvCAxwGRu/px2Q.LXN0fHpD1KN2CQCMx/tpL1V62

2) When used with PHP Version 5.2.17 it results

 $25nFTQHtfjVg

I want the same result as 1.

hakre
  • 193,403
  • 52
  • 435
  • 836
Shahid Aslam
  • 2,585
  • 3
  • 24
  • 31
  • 3
    Are you aware that your first result from 1) shows the second input to the crypt function? I wouldn't want to get my input as output back. – Samuel Feb 13 '14 at 14:58
  • @Samuel You are aware that this is intended behaviour? – TimWolla Feb 13 '14 at 15:09
  • PHP 5.2 is end of live. You actually don't want that. -- -1: Only wanting sth. does not qualify as a programming question. Edit: Shame on you upvoters (:)): Even more votes than the duplicate that exists for months and has answers (!). – hakre May 04 '14 at 10:08
  • possible duplicate of [to use CRYPT\_BLOWFISH on php 5.2 that doesn't support it](http://stackoverflow.com/questions/11637445/to-use-crypt-blowfish-on-php-5-2-that-doesnt-support-it) – hakre May 04 '14 at 10:09

2 Answers2

1

The issue is the 2y blowfish prefix. It was introduced after a security issue in PHP 5.3.7 and so PHP 5.2 does not know about it, sees an invalid $salt and generates an invalid hash.

The equivalent in PHP 5.2 is 2a, but it might be affected by the mentioned security issue (I did not check).

TimWolla
  • 31,849
  • 8
  • 63
  • 96
1

From the manual. I came to know that they introduced Update $2y$ Blowfish modes on 5.3.7. So in PHP 5.2.17 you may get DES. The type of hashing is decided from the salt you provides.

Sanoob
  • 2,466
  • 4
  • 30
  • 38