BUGFIX: Fix checking for flawed blowfish encryption

2024-06-30 08:29:28 +02:00 · 2012-05-16 16:40:12 +12:00 · 2012-05-16 16:40:12 +12:00 · becdd85421
commit becdd85421
parent f01ca808db
1 changed files with 1 additions and 1 deletions
--- a/security/PasswordEncryptor.php
+++ b/security/PasswordEncryptor.php
@ -232,7 +232,7 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
 	 */
 	function checkAEncryptionLevel() {
 		// Test hashes taken from http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/glibc/crypt_blowfish/wrapper.c?rev=1.9.2.1;content-type=text%2Fplain
-		$xOrY = crypt("\xff\xa334\xff\xff\xff\xa3345", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi') == '$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi';
+		$xOrY = crypt("\xff\xa334\xff\xff\xff\xa3345", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi') == '$2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi';
 		$yOrA = crypt("\xa3", '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq') == '$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq';

 		if($xOrY && $yOrA) {