Resolved: shouldn't these hashes be different?
james438
02-19-2013, 03:22 AM
The following is a bit confusing for me:
<?php
// Traditional DES crypt(): a two-character salt, and only the first eight
// characters of the password are used; everything after them is ignored.
$salt="th";
$old_password="173.22.119.158asdfsdfasdfgasdfgasdfgadfgadfgadfasdgasdgsdgagsdgadgfadfgadgfadgfadfgdfg";
$new_password="173.22.1f";
$old_password=crypt($old_password,$salt);
$new_password=crypt($new_password,$salt);
// The braces matter: without them exit() runs unconditionally and the echo
// below never executes.
if ($new_password==$old_password) { echo "hi"; exit(); }
echo "$old_password<br>$new_password<br>";
?>
Shouldn't these hashes be very different from each other?
hm... only the first eight characters seem to matter.
I don't know. Quick research on DES talks about weaknesses created by small key sizes (64 bits, which corresponds to eight ASCII characters), but I don't follow if that's directly the problem. I would suspect so.
I'd suggest not using crypt()'s default DES implementation. DES is considered insecure by pretty much everyone, and is, in fact, not a standard anymore.
I'd suggest switching to blowfish ( $salt = "$2y$07${22-character salt using [./0-9A-Za-z]}$" )
or SHA-512 ( $salt = "$6$rounds=5000${16-character salt}$" )
james438
02-19-2013, 07:08 AM
Good to know. I thought DES was good. I'll try to update to Blowfish then.
james438
02-19-2013, 08:27 AM
Just to make sure I am writing this out correctly, the salt starts with $2y$ followed by a 22-character alphanumeric string and ends with $. crypt sees the salt format and hashes accordingly.
After some trial and error, reading up on it on php.net and a few other sources, I was able to get the following to work.
<?php
$salt="$2y$07$";
$old_password="173.22.459.158fadfgdfg";
$new_password="173.22.45";
$old_password=crypt("$old_password",$salt);
$new_password=crypt("$new_password",$salt);
echo"$old_password<br>$new_password<br>";
?>
It appears that in order to change the salt I need to modify the 07 in the salt above to another numeric salt. I am sure I am doing something wrong. Most of my other efforts produce two identical hashes. I noticed that the higher the two-digit number, the longer it takes to compile. 13, as in $salt="$2y$13$";, takes about 3 seconds, which is as long as I want to try. I suspect the time it takes to compile increases exponentially.
<?php
$salt='$2y$07$bhfjdiiglt.lod387yhsi';
$old_password="173.22.459.158fadfgdfg";
$new_password="173.22.45";
$old_password=crypt("$old_password",$salt);
$new_password=crypt("$new_password",$salt);
echo"$old_password<br>$new_password<br>";
The "07" isn't the hash, it's a "cost" (I don't know exactly, but it has to do with # of iterations, etc.).
Your original example didn't have an actual salt (see above), but I did not get identical hashes even using your example.
djr33
02-19-2013, 07:19 PM
I'm following this discussion (and the others) because it's interesting/useful for me. But I'm confused.
What I'm concerned about is whether crypt() is always consistent across servers. Several times now the two of you have had different results on different servers. I haven't tried it myself, but I've been thinking about switching over to this function.
So, I see three possibilities:
1. crypt() behaves differently on different servers due to which algorithms are available, underlying settings, etc.
(This means that moving hosts would be a huge problem and that code isn't portable in general. It might be better for security, but it's a problem for usability.)
2. James has been doing something wrong the whole time. It's certainly possible, but I can't see what it is, so I wouldn't do it any better. If so, what is the problem? Traq, you seem to be able to avoid the problem; have you also figured out what James has done wrong, or only how to do it the right way on your server?
3. James's server is broken. crypt() will work as expected everywhere else, and there's just something wrong with php/crypt() on that installation. (I don't know that this is the case, it's just a guess, since it seems very inconsistent.)
Any idea which one might be the case? All I know is that I'm very confused by crypt(), and that I haven't had a lot of free time to play with it. I imagine I'll run into the same problems that James has when I do, though.
Is crypt() available to the same degree on all servers? Are there version differences?
Also: wouldn't it be a worthwhile project to create some functions for the different algorithms that make the arguments more intuitive? So we could create, for example:
function blowfish($string,$salt='',$rounds=1)
james438
02-19-2013, 08:48 PM
<?php
$salt="$2y$07$bhfjdiiglt.lod387yhsi";
$old_password="173.22.459.158fadfgdfg";
$new_password="173.22.45";
$old_password=crypt("$old_password",$salt);
$new_password=crypt("$new_password",$salt);
echo"$old_password<br>$new_password<br>";
?>
produces identical results. If the salt is:
$salt="$2y$07$bhfjdggggt.lo";
I still get the following hashed results.
$29AzSzYWnQIo
$29AzSzYWnQIo
Apparently it has something to do with the period inserted in my salt.
Testing further if I use any of the following salts:
$salt="$2y$07$a111111111111111111111";
$salt="$2y$07$abcdefghijklmnopqrstuv";
$salt="$2y$07$a111111111111111111111";
$salt="$2y$07$z111111111111111111111";
$salt="$2y$07$A111111111111111111111";
I get hash results of:
$2y$07$$$$$$$$$$$$$$$$$$$$$$.2nQ9E9AcydYp.2eiPJ2AQKr0V/PrQBe
$2y$07$$$$$$$$$$$$$$$$$$$$$$.lB8QuQjzbPsayD0PksDNYZnptEWnri2
but
$salt="$2y$07$2111111111111111111111";
and
$salt="$2y$07$3111111111111111111111";
produce different results.
I'll look more into this later, but you're defining $salt with double-quotes. PHP is assuming those dollar signs are supposed to be variables
djr33
02-19-2013, 11:29 PM
That might be it. James, if you use single quotes, does any of this work better?
(Traq, I'm not sure what PHP thinks if you have a dollar sign as a variable but then no variable or a 'variable name' that starts with a number... maybe it gives a warning?)
james438
02-20-2013, 12:36 AM
Silly me. It was the single quotes. Sorry about that. That took care of 99% of my issues.
I did still notice one small anomaly.
$salt='$2y$07$111111111111111111111y';
$salt='$2y$07$1111111111111111111111';
both produce the same results.
Considering how new I am to crypt() I am going to assume the discrepancies between traq and myself have to do with errors on my part. I'm still trying to get some of the basic syntax down.
djr33
02-20-2013, 02:07 AM
Interesting. Still keeping an eye on this :)
(And don't worry if it is you making errors [or it might not be], because I'm confused as well. But I'm glad it looks like it's mostly working out.)
For the new issue, that's the salt not being different; I'm not sure that's a major concern. Do different input strings (e.g., passwords) give unique results now? It's a little odd that the salt isn't necessarily unique, but as long as there are still many combinations, I imagine it won't be a major problem.
$salt='$2y$07$111111111111111111111y';
$salt='$2y$07$1111111111111111111111';
both produce the same results.
Considering how new I am to crypt() I am going to assume the discrepancies between traq and myself have to do with errors on my part. I'm still trying to get some of the basic syntax down.
Where php.net says blowfish uses a 22-character salt, I think the docs are either a) counting that last $ as one of the characters, or b) wrong. Consider:
print crypt( 'hello','$2y$07$111111111111111111111y' );
# output # $2y$07$111111111111111111111uQeYcdC8/9Fn5yLUy.9ykXnYTaG3Dyhu
The output hash is prefixed with the salt - but the 'y' is omitted. One way or the other, I'm sure it's being dropped.
james438
02-20-2013, 03:01 AM
I'm not so sure.
$salt='$2y$07$111111111111111111111e';
Changing "e" above to any of the letters a-d produces the same hash; e-t produce the same hash; u-z produce the same result.
I'm happy with how blowfish is working now, so currently this is partly for fun. I'm also a little bit concerned that there is a flaw with how blowfish works. I have to wonder what other salts produce the same results?
A-N, O-Z, and 0-9 also produce the same hashes...
damn you, james! :p
james438
02-20-2013, 04:07 AM
Yeah, I'm not sure what to think of these findings.
Thanks for investigating those other letters and numbers. As far as I can tell blowfish is still better than DES (whatever DES is).
djr33
02-20-2013, 06:03 AM
That's just weird. Is it only that last character? Have you noticed any other patterns for the whole string? Does 'aaaa'=='bbbb' for example?
And that is worrying because as far as I know (unless these algorithms are very different), a salt is just added to the string before hashing. So that would mean that the differences from one string to another would not create a different hash either, greatly increasing the chance of a collision. Potentially very problematic.
I'm sure it's just something we don't quite understand about the algorithm (or, more likely, how crypt() applies the salt).
My head hurts. Night, all.
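What the last-character experiments above are measuring is the salt encoding, not Blowfish. Added example (my code, not the thread's, and in Python so it runs without PHP): the bcrypt flavour of base64 that crypt(3) uses for the 22-character salt in a `$2y$` setting, the same `[./0-9A-Za-z]` alphabet named earlier in the thread. A bcrypt salt is 16 bytes (128 bits), but 22 characters of a 64-symbol alphabet carry 132 bits, so the 22nd character contributes only its top 2 bits and its low 4 bits are thrown away on decode. That puts the 64 symbols into exactly four classes of 16 (`.` `/` `A`-`N`; `O`-`Z` `a`-`d`; `e`-`t`; `u`-`z` `0`-`9`), which are precisely the groups found by trial above, and it is why the `y` came back as `u`: crypt() echoes the canonical re-encoding of the salt it actually used. Every other position is a full six bits, so `aaaa...` and `bbbb...` are different salts, and none of this changes how two different passwords hash against one salt. `make_setting()` shows the right way to produce a setting string: 16 random bytes from `secrets`, run through the same encoder. The function names are mine; `canonical_setting()` and `interchangeable_last_chars()` exist only to reproduce the thread's observations.

```python
import re
import secrets

# bcrypt's base64: this 64-symbol alphabet, no padding, 3 bytes -> 4 characters
# (the OpenBSD encode_base64/decode_base64 routines that crypt(3) $2y$ uses).
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_INDEX = {c: i for i, c in enumerate(BCRYPT_ALPHABET)}
SALT_BYTES = 16   # a bcrypt salt is 128 bits
SALT_CHARS = 22   # 22 * 6 = 132 bits of text carrying 128 bits of salt


def bcrypt_b64encode(raw):
    """Encode bytes with the bcrypt alphabet. 16 bytes become 22 characters;
    the 22nd carries only the final byte's low 2 bits (the rest are zero)."""
    out, i, n = [], 0, len(raw)
    while i < n:
        b0 = raw[i]; i += 1
        out.append(BCRYPT_ALPHABET[b0 >> 2])
        acc = (b0 & 0x03) << 4
        if i >= n:
            out.append(BCRYPT_ALPHABET[acc])
            break
        b1 = raw[i]; i += 1
        out.append(BCRYPT_ALPHABET[acc | (b1 >> 4)])
        acc = (b1 & 0x0F) << 2
        if i >= n:
            out.append(BCRYPT_ALPHABET[acc])
            break
        b2 = raw[i]; i += 1
        out.append(BCRYPT_ALPHABET[acc | (b2 >> 6)])
        out.append(BCRYPT_ALPHABET[b2 & 0x3F])
    return "".join(out)


def bcrypt_b64decode(text, nbytes=SALT_BYTES):
    """Decode `nbytes` bytes of bcrypt base64. Bits of the last character
    that do not fit into the last byte are silently discarded, as bcrypt does."""
    out, i = bytearray(), 0
    while len(out) < nbytes:
        c1, c2 = _INDEX[text[i]], _INDEX[text[i + 1]]
        i += 2
        out.append((c1 << 2) | ((c2 & 0x30) >> 4))
        if len(out) >= nbytes:
            break
        c3 = _INDEX[text[i]]; i += 1
        out.append(((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2))
        if len(out) >= nbytes:
            break
        c4 = _INDEX[text[i]]; i += 1
        out.append(((c3 & 0x03) << 6) | c4)
    return bytes(out)


SETTING_RE = re.compile(r"^\$2[axy]\$([0-3][0-9])\$([./A-Za-z0-9]{22})")


def canonical_setting(setting):
    """Decode the 22-character salt and re-encode it: the prefix that crypt()
    echoes back at the start of its 60-character result."""
    m = SETTING_RE.match(setting)
    if not m:
        raise ValueError("not a bcrypt setting string: %r" % setting)
    return setting[:7] + bcrypt_b64encode(bcrypt_b64decode(m.group(2)))


def interchangeable_last_chars(setting):
    """Every character that could replace the 22nd salt character without
    changing the decoded 128-bit salt (only its top 2 bits are used)."""
    cls = _INDEX[setting[7 + SALT_CHARS - 1]] >> 4
    return "".join(c for c in BCRYPT_ALPHABET if _INDEX[c] >> 4 == cls)


def make_setting(cost=12):
    """Build a fresh "$2y$NN$<22 chars>" setting from 16 random bytes. bcrypt
    runs 2**cost rounds of key setup, so each +1 on the cost doubles the time."""
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 04 and 31")
    return "$2y$%02d$%s" % (cost, bcrypt_b64encode(secrets.token_bytes(SALT_BYTES)))


if __name__ == "__main__":
    s = "$2y$07$" + "1" * 21
    for last in "yaeA":
        print(s + last, "->", canonical_setting(s + last), interchangeable_last_chars(s + last))
    print(make_setting(7))
```

The setting that `make_setting()` returns is already canonical (its last character is one of `.`, `O`, `e`, `u`), so crypt() echoes it back unchanged. In PHP 5.5 and later, `password_hash()` and `password_verify()` do the random-salt generation and formatting themselves, which removes the quoting and salt-length pitfalls of calling crypt() by hand.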
Powered by vBulletin® Version 4.2.2 Copyright © 2021 vBulletin Solutions, Inc. All rights reserved.