Date:25/08/11
Users of the PHP web scripting language have been warned off updating to the latest patch because of a bug that affects some cryptographic functions. A bug report published four days after the release of version 5.3.7 highlighted the problem.
The report stated that the crypt function, which is used to hash a text string (in other words, map a large amount of information into something smaller), no longer worked properly in the new build.
"If crypt() is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH [block ciphers used in encryption] salts work as expected," the report stated.
The salt consists of random bits added to the hash that improve security by making it impossible for an attacker to crack all the passwords at once.The developers of the PHP language have promised that the bug will be fixed in the next version, due shortly.
"Due to unfortunate issues with 5.3.7 users should wait with upgrading until 5.3.8 will be released (expected in few days)."
PHP users warned of bugged update
Users of the PHP web scripting language have been warned off updating to the latest patch because of a bug that affects some cryptographic functions. A bug report published four days after the release of version 5.3.7 highlighted the problem.The report stated that the crypt function, which is used to hash a text string (in other words, map a large amount of information into something smaller), no longer worked properly in the new build.
"If crypt() is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH [block ciphers used in encryption] salts work as expected," the report stated.
The salt consists of random bits added to the hash that improve security by making it impossible for an attacker to crack all the passwords at once.The developers of the PHP language have promised that the bug will be fixed in the next version, due shortly.
"Due to unfortunate issues with 5.3.7 users should wait with upgrading until 5.3.8 will be released (expected in few days)."
Views: 836
©ictnews.az. All rights reserved.
Similar news
- Mobile operators of national market to reduce roaming tariffs
- Iran vows to unplug Internet
- China Targeting Telecoms in Corruption Probe
- Bangladesh to use electronic voting system for next elections
- Philippine IT sector to launch five-year digital strategy plan
- Russian Premier Vladimir Putin meets ITU Secretary-General Hamadoun Touré
- US lawmakers propose to regulate use of geolocation data
- Unlimited mobile data plans dying as telcos gear up for cloud future
- Europe at risk of falling behind US and Asia on 4G use
- Netherlands first to regulate on net neutrality
- Korean Co Takes Aim At Display Patents
- Regulators, Banks Look for IT Hires After Breakdowns
- Electron transactions spreading
- Schools in remote rural areas will connect to the single database via network without SIM
- Obama to Personally Tweet From Twitter Account
