Rabitə və İnformasiya Texnologiyaları Nazirliyinin elektron xəbər xidməti
PHP users warned of bugged update
Users of the PHP web scripting language have been warned off updating to the latest patch because of a bug that affects some cryptographic functions. A bug report published four days after the release of version 5.3.7 highlighted the problem.
The report stated that the crypt function, which is used to hash a text string (in other words, map a large amount of information into something smaller), no longer worked properly in the new build.
"If crypt() is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH [block ciphers used in encryption] salts work as expected," the report stated.
The salt consists of random bits added to the hash that improve security by making it impossible for an attacker to crack all the passwords at once.The developers of the PHP language have promised that the bug will be fixed in the next version, due shortly.
"Due to unfortunate issues with 5.3.7 users should wait with upgrading until 5.3.8 will be released (expected in few days)."
25/08/11 Çap et