2

I am developing an API using PHP (CodeIgniter) and Phil's RESTserver. I am creating a hash using crypt() with the password and the salt.

The problem is that the hash that is the result of the crypt() algorithm is different on my local machine and on the server.

It works fine locally but not on the server (too short). I know the password and the salt are the same because I tried them hardcoded too.

Hash from local machine:

$2a$10$g6J7CUjJvB0JpTd7UcrowePEbqp/oBmZEpd7vS.5HFYx38f08Tb/a

Hash from the server:

$2jkP2/LlC/H6

What can be wrong?

(Server is running CentOS 5.)

Lightness Races in Orbit
Jonathan Clark

1 Answer

3

Your PHP version probably does not support blowfish hashing for crypt. The $2a$ in the output suggests you're trying to use CRYPT_BLOWFISH which may not be available on both platforms.

http://uk.php.net/crypt

A bug was fixed in PHP 5.3.2:

Fixed Blowfish behaviour on invalid rounds to return "failure" string ("*0" or "*1"), instead of falling back to DES.

So I'd guess the hash from your server is falling back to DES, since it contains only the first 2 characters of your salt.

Cal
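An added example (not part of the original question or answer) that detects the fallback described in the answer: it classifies a crypt() result by its format and refuses to accept anything that is not a 60-character bcrypt hash. The function names `classify_crypt_output` and `bcrypt_or_fail` are hypothetical, and the password is a constructed sample.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.
// No scalar type hints, so it also runs on old PHP 5 hosts.

// Classify a crypt() return value by its format.
function classify_crypt_output($hash)
{
    if ($hash === '*0' || $hash === '*1') {
        return 'failure';   // failure strings named in the PHP 5.3.2 changelog
    }
    // bcrypt: "$2a$" + two-digit cost + "$" + 22-char salt + 31-char digest = 60 chars
    if (preg_match('/^\$2[axy]\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $hash)) {
        return 'bcrypt';
    }
    // Traditional DES: 2-char salt + 11-char digest = 13 chars
    if (strlen($hash) === 13) {
        return 'des';
    }
    return 'unknown';
}

// Hash with bcrypt and fail closed if the platform silently used something else.
function bcrypt_or_fail($password, $salt)
{
    if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH != 1) {
        throw new RuntimeException('crypt() has no Blowfish support on this host');
    }
    $hash = (string) crypt($password, $salt);
    $kind = classify_crypt_output($hash);
    if ($kind !== 'bcrypt') {
        throw new RuntimeException("crypt() returned a '$kind' result instead of bcrypt");
    }
    return $hash;
}

// The two hashes quoted in the question.
echo classify_crypt_output('$2a$10$g6J7CUjJvB0JpTd7UcrowePEbqp/oBmZEpd7vS.5HFYx38f08Tb/a'), "\n";
echo classify_crypt_output('$2jkP2/LlC/H6'), "\n";

// Salt taken from the question's local hash; the password is a constructed sample.
try {
    echo bcrypt_or_fail('constructed-sample-password', '$2a$10$g6J7CUjJvB0JpTd7Ucrowe'), "\n";
} catch (RuntimeException $e) {
    echo 'Refusing to store hash: ', $e->getMessage(), "\n";
}
```

Running the same check on both machines shows which one lacks Blowfish support before any truncated DES hash is written to the user table.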