Crypt function outputting two different values depending on PHP version

Question

Using the password "testtest" and the hash "KFtIFW1vulG5nUH3a0Mv" with the following code results in different hashes depending on the PHP version (as shown in the image below):

$salt = "KFtIFW1vulG5nUH3a0Mv";
$password = "testtest";

$key = '$2a$07$';
$key = $key.$salt."$"; 

echo crypt($password, $key);

Output 1 (PHP v.5.3.0 - 5.4.41, 5.5.21 - 5.5.25, 5.6.5 - 5.6.9): $2a$07$KFtIFW1vulG5nUH3a0Mv$.0imhrNa/laTsN0Ioj5m357/a8AxxF2q

Output 2 (PHP v.5.5.0 - 5.5.20, 5.6.0 - 5.6.4): $2a$07$KFtIFW1vulG5nUH3a0Mv$e0imhrNa/laTsN0Ioj5m357/a8AxxF2q

Here is an example of the problem: http://3v4l.org/dikci

This is a massive issue if crypt is being used to hash passwords for a login, as depending on PHP version the hash will be different. Anybody understand what this issue is from and how to deal with it?

enter image description here

define *"depending on PHP version"* and read the manual http://php.net/crypt — Funk Forty Niner, May 25 '15 at 19:10
Take a look at the picture attached, certain PHP versions are outputting different results than other versions. I will add in the details now. — JimmyBanks, May 25 '15 at 19:11
see if this answers it http://www.codechewing.com/library/php-crypt-returning-different-hash-results/ — Funk Forty Niner, May 25 '15 at 19:19
PHP 5.5.21 and 5.6.5 both upgraded to crypt_blowfish 1.3. Probably some issue in the used crypt_blowfish in versions before them. — TimWolla, May 25 '15 at 19:43

score 2 · Accepted Answer · edited May 23 '17 at 11:51

2

This is not so much an issue as you may think.

First you should note, that your code is not absolutely correct, BCrypt requires a 22 character salt, but you provided a 20 character salt. This means that the terminating '$' (which is not necessary btw) will be seen as part of the salt, as well as the first letter of your password. The $ is not a valid character for a BCrypt salt though.

Another thing to consider is that not all bits of character 22 are used, this is due to the encoding, ircmaxell gave a good explanation about this. So different salts can result in the same hash, you can see this well in this answer. How different implementations handle this last bits of the character 22 could theoretically change. As long as the crypt function can verify the password with both hashes there is no problem.

The generation of the salt with its pitfalls is one of the reasons, why the functions password_hash() and password_verify() where written, they make the password handling much easier.

edited May 23 '17 at 11:51

Community

1
1

answered May 25 '15 at 20:03

martinstoeckli

23,430
6
56
87

You are absolutely right, changing the salt to 22 characters results in a consistent output. – JimmyBanks May 25 '15 at 20:09
1

@JimmyBanks - The examples are indeed a bit misleading, the comment says: `These salts are examples only, and should not be used verbatim in your code. You should generate a distinct, correctly-formatted salt for each password.`. Furthermore they use the algorithm '2a' which should be replaced with '2y' nowadays. Seems that they forgot to update the docs, probably because one should use the `password_hash()` function anyway. – martinstoeckli May 25 '15 at 20:31
@JimmyBanks - If you are unsure and need an "official" source whether the `$` is necessary, you can have a look at the [compatibility pack](https://github.com/ircmaxell/password_compat/blob/master/lib/password.php) of the password_hash() function. Somewhere about line 150 you can see how the salt is generated, the function is written by the same author who wrote the password_hash() function. And last but not least, have a look at the PHP code itself, it is available for free ;-) – martinstoeckli May 25 '15 at 20:36

Crypt function outputting two different values depending on PHP version

1 Answers1