php crypt function

David P. Schwartz davids@desertigloo.com
Sun, 31 Dec 2000 18:40:39 -0700


The PHP discussion list seems to have blanked out for a time, so I thought I'd
post this here for any of you PHP experts...

The PHP crypt function, when used with a two-character "salt", is supposed to
return a hash of its input that's 13 characters long, including the "salt" at
the beginning.

I've noticed that the version of PHP I'm working with (php3) seems to return a
hash on only the first 10-14 characters of a string.  I haven't experimented
in detail, but I'm getting hash collisions in unique (hashed) keys on a
database where the strings in question are identical in the first 10-20
characters, and differ towards the end.  As a crude example, take the browser
info string and append a timestamp, then pass this string to crypt like so:

<?php

$tm = time();
$hash = crypt( $HTTP_USER_AGENT . $tm, "AA" );
$h2 = md5( $HTTP_USER_AGENT . $tm );

print "tm = [$tm]<br>";
print "HTTP_USER_AGENT= [$HTTP_USER_AGENT]<br>";
print "hash = [$hash]<p>";
print "md5 hash = [$h2]<p>";

?>

crypt curiously returns the same hash for matching HTTP_USER_AGENT strings,
even though the time() function returns different values (I tried it with
microtime() too, same result).  The md5 hash is always different.  It's my
understanding that crypt() is supposed to hash an entire string; am I
mistaken?  Or is there perhaps something wacky with the installation I'm
working with?

-David
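
The collisions described in the message above match how traditional DES-based crypt() behaves: with a two-character salt, only the first 8 characters of the input are used. The following is an added example, not part of the original post; the user-agent string and timestamps are constructed, and effective_des_key() and unique_key() are hypothetical helper names.

```php
<?php
// Added example with constructed inputs; not code from the original post.
// Traditional DES crypt() (two-character salt) uses only the first
// 8 characters of its input, so a varying suffix never reaches the hash.

// Hypothetical helper: the portion of the input DES crypt() actually keys on.
function effective_des_key(string $s): string
{
    return substr($s, 0, 8);
}

// Hypothetical helper: a lookup key computed over the whole string.
// Suitable for uniqueness, not for password storage.
function unique_key(string $s): string
{
    return hash('sha256', $s);
}

// Constructed sample data: one user-agent string, two timestamps.
$agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)';
$a = $agent . '978313239';
$b = $agent . '978313240';

$report = [
    'crypt(a) === crypt(b)'            => crypt($a, 'AA') === crypt($b, 'AA'),
    'crypt(a) === crypt(first 8 of a)' => crypt($a, 'AA') === crypt(effective_des_key($a), 'AA'),
    'md5(a) === md5(b)'                => md5($a) === md5($b),
    'unique_key(a) === unique_key(b)'  => unique_key($a) === unique_key($b),
    // Putting the varying part first moves it inside the 8-character window.
    'crypt(ts.agent) differs'          => crypt('978313239' . $agent, 'AA') !== crypt('978313240' . $agent, 'AA'),
];

foreach ($report as $label => $result) {
    printf("%-34s %s\n", $label, var_export($result, true));
}
```

For a database key that must change whenever any part of the input changes, use a digest computed over the whole string rather than DES crypt().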