Fri, 10 Apr 2026 20:05:34 +0000 https://bugs.horde.org/ticket/9275 crypt-md5 password with show_encryption doesn't work when using show_encryption parameter, if the stored encryption is crypt, it cannot work with crypt-md5 as it will use the crypt method to compare password instead of crypt-md5 (it will not work with crypt-blowfish also) Wed, 29 Sep 2010 22:01:31 +0000 https://bugs.horde.org/ticket/9275#t60213 Here is a fix that works: diff -urb passwd.old/lib/Driver.php passwd/lib/Driver.php --- passwd.old/lib/Driver.php 2010-09-30 00:00:35.000000000 +0200 +++ passwd/lib/Driver.php 2010-09-29 23:39:17.000000000 +0200 @@ -3,7 +3,7 @@ * Passwd_Driver:: defines an API for implementing password change systems for * Passwd. * - * $Horde: passwd/lib/Driver.php,v 1.44.2.9 2008/10/24 16:48:50 jan Exp $ + * $Horde: passwd/lib/Driver.php,v 1.44.2.10 2009-01-06 15:25:15 jan Exp $ * * Copyright 2000-2009 The Horde Project (http://www.horde.org/) * @@ -54,6 +54,9 @@ if ($this->_params['driver'] == 'ldap' && $encryption == 'md5') { $encryption = 'md5-base64'; } + if ($encryption == 'crypt' && substr($encrypted, 0, 3) == '$1$') { + $encryption = 'crypt-md5'; + } } else { $encryption = $this->_params['encryption']; } Wed, 29 Sep 2010 22:02:14 +0000 https://bugs.horde.org/ticket/9275#t60214 This is not how crypt() works: http://php.net/crypt crypt() should figure out itself from the salt which crypt algorithm to choose. If it doesn't, then PHP is broken, or the crypt method you are using is not supported by the system. Thu, 21 Oct 2010 16:06:16 +0000 https://bugs.horde.org/ticket/9275#t60555 Indeed there is a bug as you cannot use crypt-md5 encryption even if the password was saved with passwd as the matching of the old password doesn't work. But the correction has maybe to be done elsewhere, I check that. Thu, 21 Oct 2010 18:03:36 +0000 https://bugs.horde.org/ticket/9275#t60573 So the problem of not passing the right encryption to Auth::getCryptedPassword is the Auth::getSalt function not the crypt one. The salt generated is not the same for crypt-md5 and crypt, so the old password given is encrypted with the crypt method and it cannot match the one previously stored that is a crypt-md5 one. Maybe the Auth::getSalt shouldn't be called at all in the compare password case. Thu, 21 Oct 2010 18:23:40 +0000 https://bugs.horde.org/ticket/9275#t60575 Sorry, I lost you. Can you explain again, which strings/salts/passwords are passed where, and where you think this is a bug? Thu, 21 Oct 2010 20:07:01 +0000 https://bugs.horde.org/ticket/9275#t60581 Ok, let's try to be clear. I want password to be stored with crypt-md5 method, so it's already the case in the database, and the format is {crypt}$1$xxxxxxxxxxxxxxx (but it can be another method also, that's why it's prefixed) Then I want to provide user a way to change their password and keep storing them with crypt-md5 method. I've set encryption to crypt-md5 in passwd and show_encryption to true (I can have put encryption to any other method I think I'll get the same result as my password are already crypt-md5) So to change the password the old one is reqested from the user, and the problem lie here: In passwd/lib/Driver.php, in function comparePasswords there is a call to Auth::getCryptedPassword to get the encrypted version of the old password given by the user that need to match the stored version. As the method is stored with the password, 'crypt' is use as encryption for the old password, so the params given to Auth::getCryptedPassword are ('password', '{crypt}$1$1a9668b1$5uJT0BQW24EEtrVj/c4R2/', 'crypt', false) And in lib/Horde/Auth.php in getCryptedPassword, the first task done is to recompute $salt, and if 'crypt' is used instead of 'crypt-md5' it reduce it to 3 chars instead of 13 (see the getSalt function). If the salt is not recomputed, it works (I've tested). So the call to crypt have to be done with the encrypted old password as second paremeter (or it's first 13 chars as it's done when 'crypt-md5' is used as parameter in this function). Hope this is clearer. Thu, 21 Oct 2010 20:40:44 +0000 https://bugs.horde.org/ticket/9275#t60584 If passwords are encrypted with crypt-md5, then they should be prefixed with {crypt-md5} not {crypt}. Wed, 26 Mar 2014 12:58:35 +0000 https://bugs.horde.org/ticket/9275#t83023