Throws exception when trying to generate bcrypt #2524

Closed
zfbot opened this Issue Sep 28, 2012 · 5 comments

Projects

None yet

3 participants

@zfbot
zfbot commented Sep 28, 2012

Jira Information

Original Issue:ZF2-462
Issue Type:Bug
Reporter:neeckeloo
Created:08/11/12
Assignee:ezimuel
Components:Zend\Crypt

Description

Zend\Crypt\Password\Bcrypt throws exception "Error during the bcrypt generation" when "create" method is called.
I work with Zend Server that uses version "5.3.8-ZS5.5.0" of PHP. I think maybe the wrong salt prefix ($2y$) is selected because the exception is not thrown if I force the code to use "$2a$" as prefix.

@zfbot
zfbot commented Sep 28, 2012

(Originally posted by: ezimuel on 08/12/12)

This is odd because the "$2y$" prefix should be used instead of "$2a$" starting from PHP 5.3.7+ (for more details: http://www.php.net/security/crypt_blowfish.php). Can you show me the snippet code that you are trying to execute?

@zfbot
zfbot commented Sep 28, 2012

(Originally posted by: neeckeloo on 08/12/12)

I use the ZfcUser module of Evan Coury that provide authentication feature. The "$hash" variable of \Zend\Crypt\Password\Bcrypt::create method has always a length of 13.

@zfbot
zfbot commented Sep 28, 2012

This issue was ported from the ZF2 Jira Issue Tracker at
http://framework.zend.com/issues/browse/ZF2-462

Known GitHub users mentioned in the original message or comment:
@neeckeloo, @ezimuel

@ezimuel ezimuel was assigned Sep 28, 2012
@ezimuel ezimuel added a commit to ezimuel/zf2 that referenced this issue Oct 2, 2012
@ezimuel ezimuel Fix for the issue #2524 7bd71ae
@ezimuel
Member
ezimuel commented Oct 9, 2012

I added the setBackwardCompatibility() to set the $2a$ for the crypt() function. By default the backward compatibility flag is set to false. In your case you have to set it to true. I checked with Zend Server 5.5 and I found the same issue. The bug has been fixed with Zend Server 5.6.
This new methods will be released with ZF 2.1.0.

@ezimuel ezimuel closed this Oct 9, 2012
@neeckeloo
Contributor

Thank for your feedback.

@ezimuel ezimuel added a commit to zendframework/zend-crypt that referenced this issue May 15, 2015
@ezimuel ezimuel Fix for the issue zendframework/zendframework#2524 985b296
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment