On the subject of PHP, this kind of issue is also amusing:
assert($str1 != $str2); // Two different strings or passwords
assert(md5($str1) == md5($str2)); // Are the same hash !?
This isn't a hash collision, but a different kind of collision caused by hexadecimal and PHP's loose == handling. First it can interpret certain string-patterns as numbers with exponents, and secondly zero raised to any power is always zero.
So any strings that both match /^0e\d+$/i are equivalent under == rules, and some hexadecimal outputs are going to match that.
assert($str1 != $str2); // Two different strings or passwords
assert(md5($str1) == md5($str2)); // Are the same hash !?
This isn't a hash collision, but a different kind of collision caused by hexadecimal and PHP's loose == handling. First it can interpret certain string-patterns as numbers with exponents, and secondly zero raised to any power is always zero.
So any strings that both match /^0e\d+$/i are equivalent under == rules, and some hexadecimal outputs are going to match that.
'0e1' == '0e9'