crypt() outcome different between PHP versions

Asked Dec 29 '15 at 17:35

Active Dec 29 '15 at 18:53

Viewed 24 times

I have to transfer a very old application from an old server with PHP 5.4 to a server with PHP version 5.6.

When using the PHP crypt() function outputting data on a server with PHP version 5.4.39 looks like this:

$2a$08$suUW14s06.5.us82.$$$$.iOPijt4Dzhwyw.2

Which is correct. And a server with PHP version 5.6.16 outputs this:

$2a$08$suUW14s06.5.us82.$

The code and input data is exactly the same. It looks like the prepended salt is only outputted, but not the given value to hash?

This is the hashing function:

function hash($string)
{
    return crypt($string, '$2a$08$' . ENCRYPTION_SALT . '$');
}

Where ENCRYPTION_SALT is a 17 character long string:

zgUo92vv6.9.ww33.

edited Dec 29 '15 at 18:53

asked Dec 29 '15 at 17:35

Jesse

Show the actual `crypt()` or at least an example – RiggsFolly Dec 29 '15 at 17:38
As you can see in [the changelog of this function](http://php.net/manual/en/function.crypt.php#refsect1-function.crypt-changelog), there were quite some changes between your two versions. probably it has to do something with that? – ArSeN Dec 29 '15 at 17:39
@RiggsFolly Function is added – Jesse Dec 29 '15 at 17:46
Are you sure that the system running the new version supports Blowfish in `crypt(3)`? – Ignacio Vazquez-Abrams Dec 29 '15 at 18:24
Problem is all to do with a salt of less that 22 chars and using a $ in the salt which is not a valid character to exist in a salt for blowfish, see dup answers – RiggsFolly Dec 29 '15 at 18:45
@IgnacioVazquez-Abrams Nothing in the changelogas noted by ArSen seems to show changes for the Blowfish algo – Jesse Dec 29 '15 at 18:46
@RiggsFolly See my updated answer – Jesse Dec 29 '15 at 18:56

0 Answers0