Code:

echo $a = 'stackoverflow';
echo '<br>';
echo $b = '$2a$10$bf57caf7e1fa23e4b975ab';
echo '<br>CRYPT:<br>';
echo crypt($a, $b);

Results:

PHP 5.2.5

stackoverflow
$2a$10$bf57caf7e1fa23e4b975ab
CRYPT:
$2.LaeiP21fsQ

PHP 5.4.4

stackoverflow
$2a$10$bf57caf7e1fa23e4b975ab
CRYPT:
$2a$10$bf57caf7e1fa23e4b975aOhXjTtYrqOYLfHsxdOxGRhF03.LtKewW 

I want to move the script to a new server with PHP 5.4.4. I would like to get the same effect as the 5.2.5 hashes, otherwise I will lose some data.

If I use salt with ending $ - the result is the same

I read this:

As of PHP 5.3.0, PHP contains its own implementation and will use that if the system lacks of support for one or more of the algorithms.

But the algorithm should not be different.

Please help.

Kubol
  • Maybe this helps: http://www.php.net/security/crypt_blowfish.php – Fabian Schmengler Feb 22 '13 at 10:06
  • I found this http://bugs.php.net/bug.php?id=60073&edit=1 – Kubol Feb 22 '13 at 11:08
  • That bug you linked to ... is not a bug. Read the bottom of the file for the explanation showing that. >> "You got this output on earlier versions of PHP where CRYPT_BLOWFISH was not supported, or perhaps a buggy version was being used." – Jon Feb 24 '13 at 10:47

1 Answer

Prior to PHP 5.3.0, Blowfish was only available if your system's C library provided it (and almost no one's did). Passing a Blowfish salt in systems that don't have a Blowfish implementation results in a crapshoot of algorithm selection - usually, a DES hash.

TML
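
An added example, not part of the question or the answer: a PHP script that sorts stored hashes by shape, so that records written under the fallback the answer describes can be found before moving servers. `classify_crypt_hash()` and the row names are hypothetical; the two real-looking hash values are the outputs quoted in the question.

```php
<?php
// Added example: classify stored crypt() output by its shape.
// classify_crypt_hash() is a hypothetical helper, not a PHP built-in.
function classify_crypt_hash($hash)
{
    // Real bcrypt output: "$2a$", "$2x$" or "$2y$", a two-digit cost, "$",
    // then 22 salt characters and 31 digest characters (60 in total).
    if (preg_match('#^\$2[axy]\$\d{2}\$[./A-Za-z0-9]{53}\z#', $hash)) {
        return 'bcrypt';
    }
    // Traditional DES crypt output: 13 characters, the first two being the
    // salt. A Blowfish-style salt cut to two characters leaves "$2" there,
    // which is the shape of the PHP 5.2.5 result shown in the question.
    if (preg_match('#^..[./A-Za-z0-9]{11}\z#', $hash)) {
        return substr($hash, 0, 2) === '$2' ? 'des-fallback' : 'des';
    }
    return 'unknown';
}

// Constructed sample rows. user1 and user2 carry the two outputs quoted
// in the question; user3 is a made-up value that matches neither format.
$rows = array(
    'user1' => '$2.LaeiP21fsQ',
    'user2' => '$2a$10$bf57caf7e1fa23e4b975aOhXjTtYrqOYLfHsxdOxGRhF03.LtKewW',
    'user3' => 'not-a-crypt-hash',
);

$report = array(
    'bcrypt'       => array(),
    'des-fallback' => array(),
    'des'          => array(),
    'unknown'      => array(),
);
foreach ($rows as $user => $hash) {
    $report[classify_crypt_hash($hash)][] = $user;
}

// Rows in "des-fallback" and "des" were hashed with traditional DES crypt,
// which uses only the first 8 characters of the password. They are the
// accounts to schedule for a reset or a rehash at next successful login.
foreach ($report as $kind => $users) {
    printf("%-13s %d  %s\n", $kind, count($users), implode(', ', $users));
}
```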