Why doesn't the crypt function work correctly?

K

Khurshed Abdujalil2018-02-11 15:06:41

PHP

Khurshed Abdujalil, 2018-02-11 15:06:41

it so happened that the project got, where the password is encoded through the crypt function. Having tested, I found a bug, if it can be considered so.

$salt = substr('test123', 0, 2);

        echo (crypt('testtest123', $salt)).'<br>';
        echo (crypt('testtest', $salt)).'<br>';
        echo (crypt('testtest1', $salt)).'<br>';

all three have the same result, that is, if someone enters the password testtest or testtest1 for a specific user with the password testtest123, then he will be authorized without any problems. Is this function crookedly working or what?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Ivanq, 2018-02-11
@akhur

By default, the DES algorithm is used, that is, only the first 8 characters are processed, and they are the same.
https://stackoverflow.com/questions/20875703/why-i... You
can use a salt of the form $6$сольиз16символов($6$ - SHA512) instead.