
Do not upgrade to PHP 5.3.7 due to a bug in crypt() - there
http://www.php.net/archive/2011.php#id2011-08-22-1
======
pilif
I'm sure this was initially caused by the updates to crypt_blowfish (to fix
the 8bit character issue we talked about a couple of months ago).

Interesting: Their build server has a failing test for crypt:
[http://gcov.php.net/viewer.php?version=PHP_5_3&func=test...](http://gcov.php.net/viewer.php?version=PHP_5_3&func=tests&file=ext%2Fstandard%2Ftests%2Fstrings%2Fcrypt.phpt)

So I would assume that this should have been caught by running the tests
before making the release. Or whoever ran the tests had them passing due to
build artifacts of previous builds.

Or there are just too many tests that fail regularly:
[http://gcov.php.net/viewer.php?version=PHP_5_3&func=test...](http://gcov.php.net/viewer.php?version=PHP_5_3&func=tests)
- when you have 201 failing tests, one more probably isn't going to cause any
concern.

~~~
courtewing
201 failing tests is really shocking to me. Does anyone know of similar pages
for languages such as ruby or python?

~~~
jrockway
Perl will not install if any of its tests fail after it's built. I'm surprised
that PHP's test suite isn't run on the user's box after building it, allowing
end users to "double check" the release process.

~~~
shabble
I'd imagine the majority of people are installing it via their distro's binary
packages, so they're not going to run the tests anyway.

Of course, the packager for the distro should be running tests, and raising
some serious questions when stuff fails.

------
kragen
I would like to say that I would never release code with a failing test, but
in truth, my NSNMP module on CPAN has a test that fails occasionally due to
some kind of race condition that I've never bothered to fix, because I kind of
abandoned NSNMP when I stopped doing any SNMP work in I think 2005. I get
email about it from CPANTS every week, and have been since at least 2005.

Now that I've made my confession, I think that this is the latest piece of
evidence in a long line showing that the PHP core team _just doesn't know how
to program_. See also this horrorshow that is the list of attempted fixes for
an integer overflow vulnerability in 2007:
<http://use.perl.org/~Aristotle/journal/33448> and this complete
freshman-level lack of comprehension of C:
[http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=34...](http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=34632).
And of course there are the evidences of incompetence
permanently enshrined in the language, like the fact that "a ? b : c ? d : e"
parses incorrectly as "(a ? b : c) ? d : e", but those could simply mean that
Rasmus didn't know how to program when he was first designing PHP.

Nevertheless, it must be said that PHP is an incredibly useful piece of
software. It clearly shows that intelligence and even basic programming
competence are not sufficient or even necessary to build great software. You
can do it on _sisu_ alone, and without _sisu_ you can't do it.

------
driverdan
This isn't the first time a major bug has been introduced and found shortly
after release. How do these major bugs get past testing? Does PHP have poor
test coverage? This bug would have been found pretty quickly with basic unit
testing.

~~~
joelhaasnoot
If you read the bug report, looks like the tests were failing, yet nobody
bothered to either test, or investigate the results...

~~~
pointyhat
Sounds like plain old incompetence. PHP is slowly becoming even more of a joke
due to things like this.

------
rebelde
How can I get important information like this delivered to my inbox?

I'm serious. Without seeing this here, I might have used YUM to upgrade to the
latest version (5.3.7) like I often do. I get the php-announce emails telling
me that a new version is available, but nothing telling me when a problem like
this emerges.

I think the answer is that this announcement should go out in php-announce.
Maybe it will later today.

~~~
duggan
We use portaudit - <http://www.freshports.org/security/portaudit/>

I'm sure there's something similar for Linux.

------
verisimilitude
I really enjoy PHP: I learned on it and in doing so became familiar with its
numerous idiosyncrasies. However, and I know this is a weird sentiment, I'm
waiting for it to fall out of favor. Then, hopefully, most everybody new to
programming/scripting will move on and the community supporting PHP will be
pared down. The release cycle will slow, and the gains the language has made
can be consolidated and stabilized.

But that's me: I'd rather code in a quiet backwater (e.g. PHP in the future,
when everyone has moved on) than be screaming along the cutting edge. Such a
goal is definitely the opposite of many.

~~~
bonzoesc
PHP isn't a quiet backwater, it's a cutting-edge when you should have stable,
well-tested code (security-related functions like crypt()), and a backwater
when you want to be cutting-edge (object-oriented and functional paradigms).

------
darklajid
Isn't this a feature..?

No, I'm not serious. But if everyone wakes up for a second, checks if they are
vulnerable and maybe, accidentally stumbles upon 'Why you don't want to use
MD5 for your authentication' posts.. Wouldn't the world be a better place
tomorrow?

~~~
kragen
crypt()'s MD5 is salted and iterated and therefore perfectly adequate to use
for your authentication. Just not in PHP 5.3.7. bcrypt() or scrypt() might be
better, but crypt() with MD5 is perfectly adequate.

~~~
daeken
Are you sure it's iterated? I just checked the manual for crypt() and it just
says it's MD5 with a salt, but it could be a failure of the documentation.

~~~
kragen
Yes, see
[http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt...](http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt-md5.c?rev=1.13.36.1;content-type=text%2Fx-cvsweb-markup)
where it says, "for(i = 0; i < 1000; i++)".

~~~
antihero
1000 isn't very many at all in this day and age. And because MD5 has been
actually broken I'd avoid it entirely. Use scrypt.

~~~
kragen
This is tricky to answer.

Of course I don't want to advocate using MD5, even iterated a thousand times,
for both of the reasons you state. There are better alternatives. scrypt
appears to be one of them, and if it stands up to analysis, it's better than
PBKDF2 and bcrypt, which in turn are better than MD5-crypt.

However, MD5 iterated 1000 times is still 1000 times better than MD5 iterated
once (which an alarming number of codebases still use!) and the
vulnerabilities that have been _published_ in MD5 are not sufficient to speed
up an attack on an MD5-crypted password file.

So MD5-crypt is still vastly preferable to many alternatives, including
traditional Unix crypt(), even though MD5 has been broken and DES hasn't.
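
(Added example, not part of any comment in this thread and not PHP project code: a self-test that an installed PHP build's crypt() behaves sanely for the MD5 and Blowfish schemes discussed above, suitable for running before and after an upgrade. The function name `check_crypt`, the salts and the passwords are constructed for illustration; the thread does not describe the 5.3.7 failure mode, so the checks are generic properties of a working crypt().)

```php
<?php
// Added example. Salts and passwords are constructed sample values.
// Written without scalar type hints or hash_equals() so it also runs on PHP 5.3.

function check_crypt($salt, $prefix, $expectedLen)
{
    $problems = array();
    $h1 = (string) crypt('correct horse', $salt);
    $h2 = (string) crypt('battery staple', $salt);

    if (strlen($h1) !== $expectedLen) {
        $problems[] = 'unexpected output length ' . strlen($h1);
    }
    if (strpos($h1, $prefix) !== 0) {
        $problems[] = 'scheme prefix missing from output';
    }
    if ($h1 === $h2) {
        $problems[] = 'output does not depend on the password';
    }
    // Verification round trip: the stored hash is passed back as the salt.
    // Plain === is fine here because this is a self-test, not a login path.
    if ((string) crypt('correct horse', $h1) !== $h1) {
        $problems[] = 'correct password fails to verify';
    }
    if ((string) crypt('battery staple', $h1) === $h1) {
        $problems[] = 'wrong password verifies against stored hash';
    }
    return $problems;
}

// scheme name => array(supported?, salt, expected prefix, expected length)
$schemes = array(
    'MD5'      => array(CRYPT_MD5, '$1$examplst$', '$1$', 34),
    'Blowfish' => array(CRYPT_BLOWFISH, '$2a$04$' . str_repeat('a', 22), '$2a$', 60),
);

$failed = false;
foreach ($schemes as $name => $s) {
    list($supported, $salt, $prefix, $len) = $s;
    if (!$supported) {
        echo "$name: not supported by this build\n";
        continue;
    }
    $problems = check_crypt($salt, $prefix, $len);
    $failed = $failed || count($problems) > 0;
    echo $name . ': ' . ($problems ? 'FAIL (' . implode('; ', $problems) . ')' : 'ok') . "\n";
}
exit($failed ? 1 : 0);
```

The non-zero exit status lets a deployment script or package build refuse to proceed when any scheme fails.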

------
hackermom
Ouch. I'm actually still on 5.3.6, waiting for 5.4.0. Guess laziness is a
blessing sometimes after all.

------
waffle_ss
Aw man, I was all excited because I thought my posting was getting a bunch of
traffic. Then I realized this is just a repost :( _plays violin_

<http://news.ycombinator.com/item?id=2912066>

