crypt() in PHP 5.2.8 vs PHP 5.3.0


PP133

Those are very interesting results.  In 5.3 the only difference between each of the encrypted values is the salt itself.  All the values are "a".$i."Av8awQ0AsR6".  What that speaks to me is that there is no significance to the second digit.  Do non-special characters also end with Av8awQ0AsR6?  It might be the function was enhanced to only accept non-special characters.  I wonder what the source code says for the new function.

So I looked at the source code and I have an idea.  Why don't you take the crypt.c file from the 5.2 source, overwrite the file in the 5.3 and compile?  Boom- you have the function you need in the distro you want.  It is located in the \ext\standard directory.  *I have not tested this solution, would recommend getting input from someone else before trying.

Zend wouldn't like it, as you're re-implementing crypt's initiation handler. zm_shutdown_basic and zm_shutdown_crypt are deprecated and removed in PHP 5.3.2.

It would require patching much more than what is viable, as it'd take deconstruction of some of the engine's functions breaking more.

Those are very interesting results.  In 5.3 the only difference between each of the encrypted values is the salt itself.  All the values are "a".$i."Av8awQ0AsR6".  What that speaks to me is that there is no significance to the second digit.  Do non-special characters also end with Av8awQ0AsR6?  It might be the function was enhanced to only accept non-special characters.  I wonder what the source code says for the new function.

 

Yeah, I think the reason that it doesn't change is because, like the PHP bug guy stated, the salt should only be alpha-numeric, otherwise it's uncharted waters.  Not to get off on a tangent but in my opinion, if it's not supported, PHP should throw a warning at least, something like "Chosen salt not supported for Standard DES encryption.  Results may be unpredictable."

 

Here's a snippet of the output of the code in 5.3.0 with an alpha-numeric second character in the salt:

DES encryption (salt = a0) = a09mPwXifImcU
DES encryption (salt = a1) = a1Ve8Cgz9o7Bc
DES encryption (salt = a2) = a2MEKOIcmCijA
DES encryption (salt = a3) = a3kDUCoB00OaQ
DES encryption (salt = a4) = a4sLkn7C9GP12
DES encryption (salt = a5) = a5tPhn96BI7cI
DES encryption (salt = a6) = a6Q7dXXzwkivs
DES encryption (salt = a7) = a7NZDJAHCF5tc
DES encryption (salt = a8) = a8dzXozHYPd32
DES encryption (salt = a9) = a9CJ6HTSDXmf.

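The check suggested in the post above (reject a salt that standard DES does not support instead of hashing with it), as an added example that is not part of the original thread or of PHP itself. It assumes PHP 7 or later; the helper names `is_valid_des_salt`, `des_crypt_checked` and `verify_legacy_des` are hypothetical, and the salt alphabet `./0-9A-Za-z` is the one the PHP manual documents for standard DES.

```php
<?php
// Added example: helper names are hypothetical, sample salts are constructed.
// Alphabet documented for the two-character standard DES salt.
const DES_SALT_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

/** True when $salt is exactly two characters drawn from ./0-9A-Za-z. */
function is_valid_des_salt(string $salt): bool
{
    return strlen($salt) === 2 && strspn($salt, DES_SALT_ALPHABET) === 2;
}

/** crypt() wrapper that refuses unsupported salts rather than hashing with them. */
function des_crypt_checked(string $password, string $salt): string
{
    if (!is_valid_des_salt($salt)) {
        throw new InvalidArgumentException(
            sprintf('Chosen salt "%s" not supported for standard DES', $salt)
        );
    }
    return crypt($password, $salt);
}

/** Verify a stored 13-character DES hash; unsupported salts fail closed. */
function verify_legacy_des(string $password, string $stored): bool
{
    $salt = substr($stored, 0, 2);
    if (strlen($stored) !== 13 || !is_valid_des_salt($salt)) {
        return false; // output for such salts is not stable across PHP versions
    }
    return hash_equals($stored, crypt($password, $salt));
}

// Constructed salts: supported second characters next to special ones.
foreach (['a0', 'a9', 'a.', 'a/', 'a!', 'a$', 'a_', 'a'] as $salt) {
    try {
        $hash = des_crypt_checked('password', $salt);
        printf("salt = %-2s => %s (verifies: %s)\n", $salt, $hash,
            verify_legacy_des('password', $hash) ? 'yes' : 'no');
    } catch (InvalidArgumentException $e) {
        printf("salt = %-2s => rejected: %s\n", $salt, $e->getMessage());
    }
}
```

Hashes already stored with a special-character salt are the ones to look for before moving between PHP versions, since `verify_legacy_des` deliberately returns false for them.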
