-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
One PHPUnit test fails in 2.0.2 (and 2.0.2-p1) #3
Comments
Hm, the tests do pass on my Windows machine! I don't have a clue what configuration setting would make just one test fail on my linux environments. |
Woah, I might have stumbled on a bug in PHP's As I said in my original post, the actual hash is the same each time I run the tests. So I tried calling
It looks like the hash is always the same, as long as the salt starts with the same character after the underscore. Yet the PHP documentation says:
It looks like the implementation of |
It looks like your installation is falling back to CRYPT_STD_DES instead of using the expected CRYPT_EXT_DES. I try to account for issues like this in the library, but it's very difficult in some cases. I'll note that this bug does not appear under Travis CI nor any of my hosts with Zend Server, including Ubuntu 12.04. It's likely an issue specific to your installation. If you could, clone the latest master and run the tests from that version. The version in master is 2.1-dev, and contains some additional error handling to counteract some quirks in various versions of PHP's crypt - which is exactly why I think PHP needs a library like this :-). |
I'm running standard Ubuntu and Debian installs of PHP, so something definitely smells fishy here.
And here is
|
I would say for some reason your system lacks support for CRYPT_EXT_DES. That isn't supposed to happen in php 5.3+, but I'm not surprised from the issues I've encountered with crypt() so far. Everything else is passing, so unless you require the ExtDes module the library is still safe to use on your system. I'll have to investigate the Debian php package a bit and see what's going on, and obviously need to add some additional checks to the library. |
PHP reports
But apparently it's lying. I don't need it. I use the default (which is BLOWFISH, right?). |
Yes, the default is bcrypt with a cost factor of 12. |
@rchouinard What's the status of this? |
PHPUnit output for 2.0.2 and 2.0.2-p1
I've run the tests several times. The expected hash is different every time, but the actual stays the same.
Configuration (two machines):
The text was updated successfully, but these errors were encountered: