Req #62372 [Com]: crypt() and broken backwards compability in SHA rounds

jani dot ollikainen at mmd dot net Wed, 20 Jun 2012 04:44:51 -0700

Edit report at https://bugs.php.net/bug.php?id=62372&edit=1


 ID:                 62372
 Comment by:         jani dot ollikainen at mmd dot net
 Reported by:        jani dot ollikainen at mmd dot net
 Summary:            crypt() and broken backwards compability in SHA
                     rounds
 Status:             Open
 Type:               Feature/Change Request
 Package:            *Encryption and hash functions
 PHP Version:        5.4.4
 Block user comment: N
 Private report:     N

 New Comment:

Tested with patched 5.4.4 where:
#define ROUNDS_MIN 1

HASH: 
$6$rounds=10$qNElXs2yMnL2.GNS3kiM7DqmGbFLdQfIwu2691aJgT3xgJazPLtw7RPKz3Dp8RIc4b5fmJ7qvlq/mPN8a.rE40
 - CRYPT: 
$6$rounds=10$qNElXs2yMnL2.GNS$YwaYQmhwsN2RzBImxlEjIL.0/YLlfYCDmyfozkCQWNKdKgZQtTpK3Y/TAw31deCnJrDzgrqpI6ckvJCBsoeNB/
NO MATCH

So problem isn't only in ROUNDS_MIN. Also I know that my hash hasn't $ after 
salt, but that's how PHP 5.1.6 creates it. Tested also with adding $ and result 
is similar:

HASH: 
$6$rounds=10$qNElXs2yMnL2.GNS$3kiM7DqmGbFLdQfIwu2691aJgT3xgJazPLtw7RPKz3Dp8RIc4b5fmJ7qvlq/mPN8a.rE40
 - CRYPT: 
$6$rounds=10$qNElXs2yMnL2.GNS$YwaYQmhwsN2RzBImxlEjIL.0/YLlfYCDmyfozkCQWNKdKgZQtTpK3Y/TAw31deCnJrDzgrqpI6ckvJCBsoeNB/
NO MATCH

So something else is also different...


Previous Comments:
------------------------------------------------------------------------
[2012-06-20 10:58:38] jani dot ollikainen at mmd dot net

Description:
------------
http://fi2.php.net/manual/en/function.crypt.php

"CRYPT_SHA512 - SHA-512 hash with a sixteen character salt prefixed with $6$. 
If the salt string starts with 'rounds=<N>$', the numeric value of N is used to 
indicate how many times the hashing loop should be executed, much like the cost 
parameter on Blowfish. The default number of rounds is 5000, there is a minimum 
of 1000 and a maximum of 999,999,999. Any selection of N outside this range 
will be truncated to the nearest limit."

Why is that N put to minium of 1000? Now if I've made hash with old PHP (or 
with anything else) which has "$6$rounds=10$" I cannot check that, because if 
there's rounds mentioned PHP will do minimum of 1000 rounds and I get totally 
different hash to compare.

Sounds very nice! I can understant that rounds limit if I don't give salt to 
crypt(), but if I give a salt which has "$6$rounds=10$" it really should do 
just those 10 rounds!

Fails with:
PHP 5.4.4 (cli) (built: Jun 20 2012 13:48:48)
PHP 5.3.14 (cli) (built: Jun 20 2012 13:39:44)
PHP 5.3.3 (cli) (built: May  7 2012 19:58:17)

Works with:
PHP 5.1.6 (cli) (built: May  7 2012 15:03:06)


Test script:
---------------
<?php
$h='$6$rounds=10$qNElXs2yMnL2.GNS3kiM7DqmGbFLdQfIwu2691aJgT3xgJazPLtw7RPKz3Dp8RIc4b5fmJ7qvlq/mPN8a.rE40';
$p='salasana';
$c=crypt($p,$h);
echo "HASH: $h - CRYPT: $c\n";
if ($c == $h)
{
  echo "MATCH OK\n";
}
else
{
  echo "NO MATCH\n";
}
?>

Expected result:
----------------
HASH: 
$6$rounds=10$qNElXs2yMnL2.GNS3kiM7DqmGbFLdQfIwu2691aJgT3xgJazPLtw7RPKz3Dp8RIc4b5fmJ7qvlq/mPN8a.rE40
 - CRYPT: 
$6$rounds=10$qNElXs2yMnL2.GNS3kiM7DqmGbFLdQfIwu2691aJgT3xgJazPLtw7RPKz3Dp8RIc4b5fmJ7qvlq/mPN8a.rE40
MATCH OK


Actual result:
--------------
HASH: 
$6$rounds=10$qNElXs2yMnL2.GNS3kiM7DqmGbFLdQfIwu2691aJgT3xgJazPLtw7RPKz3Dp8RIc4b5fmJ7qvlq/mPN8a.rE40
 - CRYPT: 
$6$rounds=1000$qNElXs2yMnL2.GNS$/q7trYkbKkoJernsumbObt2IysdXGRx/ytFaG0HBC97rHHhYRQvUcyEuRHP6h5yj8V.fH7XKEw5hjofVmYONw1
NO MATCH



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62372&edit=1

Req #62372 [Com]: crypt() and broken backwards compability in SHA rounds

Reply via email to