Search code examples
phphashcryptoneway

Understanding PHP crypt() return value


PHP crypt function is said to have this return value:

"Returns the hashed string or a string that is shorter than 13 characters and is 
guaranteed to differ from the salt on failure."

I don't understand what this means... I've understood basically how this function works but I would like to know how to interpret the return value and try to understand WHEN this condition occurs.. this is by far one of the vaguer explanations in the PHP manual or maybe I'm just blind from starring at it for too long...? :)


Solution

  • The one thing the crypt documentation mentions:

    (5.3.2) Fixed Blowfish behaviour on invalid rounds to return "failure" string ("*0" or "*1"), instead of falling back to DES.

    Apparently crypt can return different [poorly-specified] short strings on failure. I suspect the "or" bit is to account for "differ from the salt".

    In this manner, a string "shorter than 13 characters" (of who knows what) -> failure. The only documented case relates to invalid Blowfish options, but could possible be expanded in the future. (While not in the documentation, bug #64449 indicates that a "failure" should be returned for algorithms whenever the salt is invalid.)


    The rational that the salt is never returned may be linked to bug #55439:

    If crypt() is executed with MD5 salts, the return value conists of the salt only.

    The consequence is $valid = crypt($pw, $crypt); is TRUE, for any $pw.

    Thus, by ensuring the salt itself is not returned it avoids a feedback cycle where stored hashes - just the salt from due to the bug - would always register as being valid for any password. The restriction that the salt is not returned may mitigate degenerate interactions of different (patched and unpatched?) servers.


    Also, anyone know how to find point documentation for specific PHP versions? It would be interesting to see when the "differ from the salt" clause was added ..