hash_password prints hash in wrong order
Bug #291999 reported by
Alexey Torkhov
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cyphesis |
Confirmed
|
Undecided
|
Al Riddoch |
Bug Description
hash_password() swaps adjacent hex digits in hash.
For example, md5("abc") =
900150983CD24FB
while hash_password(
09100589C32DF40
It happens because this code is done in wrong order:
To post a comment you must log in.
Tragically fixing this would break compatibility with earlier versions, and has no obvious advantage as with the existing code the function serves its purpose as a password hash even if it does not transform the data as one might expect from the stated algorithm.
I am going to hold off fixing until something else breaks the schema in such a way as I don't care about breaking compatibility.