While working on the Mandriva maintainer’s database, one thing needed is an authentication token as a very basic safety precaution. I couldn’t figure out why it wasn’t working and it looks like PHP’s message digest hashing is off. Has anyone ever seen this before? Here’s a quick demo:
% echo rpmctl+openssh | md5sum
cb47e7b47a32e744e13c7deb7ad85aac -
% echo rpmctl+openssh | openssl dgst -md5
cb47e7b47a32e744e13c7deb7ad85aac
% echo "< ?php print(hash('md5',"rpmctl+openssh") . '\n'); ? >"|php
cfcd208495d565ef66e7dff9f98764da
md5sum and openssl’s dgst command produce the same output. The odd-man-out here is PHP. And it’s not just md5 either:
% echo rpmctl+openssh | openssl dgst -sha
108ac3085dcad76af5b7fdc4397a848b9ed3f2300
% echo "rpmctl+openssh"|sha1sum
08ac3085dcad76af5b7fdc4397a848b9ed3f2300 -
% echo "< ?php print(hash('sha1',"rpmctl+openssh") . '\n'); ? >"|php
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
% echo "< ?php print(sha1("rpmctl+openssh") . '\n'); ? >"|php
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
Has anyone seen this before or have any idea of what the heck PHP is doing?
EDIT: Has anyone else noticed that re-editing a word press post completely farks the whole thing up? Geez!