Open In App

PHP md5(), sha1(), hash() Functions

Last Updated : 21 Jun, 2023
Improve
Improve
Like Article
Like
Save
Share
Report

PHP is a server-side scripting language which implies that PHP is responsible for all the back-end functionalities required by the website. The authentication system is one of the most important parts of a website and it is one of the most commonplace where developers commit mistakes leaving out vulnerabilities for others to exploit. One example could be storing and using user passwords in its true form, which may lead to a situation where an unauthorized person gets the access to the database and the whole system is compromised.

This situation can be easily prevented using password hashing. Password Hashing is a method which takes the user password( a variable-length sequence of characters) and encrypts it to a fixed-length password containing random characters from a larger set. PHP has a few functions that can be used to achieve the same.

md5() Function

Syntax:

string md5 ($string, $getRawOutput)

Parameters: The function an take up to a maximum of two parameters as follows:

  • $string: This parameter expects the string to be hashed.
  • $getRawOutput: This optional parameter expects a boolean value, on TRUE the function returns the hash in a raw binary format of length 16.

Return Type: This function returns the hashed string (either in lowercase hex character sequence of length 32 or raw binary form of length 16).

sha1() Function

Syntax:

string sha1($string, $getRawOutput)

Parameters: The function an take up to a maximum of two parameters as follows:

  • $string: This parameter expects the string to be hashed.
  • $getRawOutput: This optional parameter expects a boolean value, on TRUE the function returns the hash in a raw binary format of length 20.

Return Type: This function returns the hashed string (either in lowercase hex character sequence of length 40 or raw binary form of length 20).

hash() Function

Syntax:

string hash($algo, $string, $getRawOutput)

Parameters: The function an take up to a maximum of three parameters as follows:

  • $algo: This parameter expects a string defining the hashing algorithm to be used. PHP has a total of 46 registered hashing algorithms among which “sha1”, “sha256”, “md5”, “haval160, 4” are the most popular ones.
  • $string: This parameter expects the string to be hashed.
  • $getRawOutput: This optional parameter expects a boolean value, on TRUE the function returns the hash in a raw binary format.

Return Type: This function returns the hashed string (either in lowercase hex character sequence or raw binary form).

Below program illustrates the working of md5(), sha1() and hash() in PHP:




<?php
  
// PHP code to illustrate the working 
// of md5(), sha1() and hash()
  
$str = 'Password';
$salt = 'Username20Jun96';
echo sprintf("The md5 hashed password of %s is: %s\n"
                                $str, md5($str.$salt));
echo sprintf("The sha1 hashed password of %s is: %s\n",
                                $str, sha1($str.$salt));
echo sprintf("The gost hashed password of %s is: %s\n"
                        $str, hash('gost', $str.$salt));
                          
?>


Output:

The md5  hashed password of Password is: 
a59a0e0fcfab450008571e94a5549225
The sha1 hashed password of Password is: 
a69652ddbc8401ae93b5d2f0390d98abd94fc2f4
The gost hashed password of Password is:
5376160a0d848c327949364b96fb9fd6e13a9b20c58fbab50f418ea9eea3b67f

Important points to note:

  • The complexity of a hashing algorithm defines how good the hashing is itself. Both sha1 and md5 are not very complex thus experts suggest we should use the following algorithms only if the risk factor is not condemnable.
  • Using only the Password as input string gives a mediocre result, but using salt we can enhance the result. Salt in hashing is a term that refers to a random string that is used explicitly with the password. Many developers prefer to use the username and some other field (such as Date of birth in the example) as the salt which increases the randomness.
  • A hashing algorithm should preferably be a one-way route i.e. there should not exist a decrypt method, but all these known algorithms can be guessed with a proper implementation of Brute Force and Dictionary attack.

Reference:



Previous Article
Next Article

Similar Reads

How to hash string with md5 function in Node.js ?
Hashing means taking any string as a key and generating some other string for it as a value. It's like key-value pair in maps or dictionaries. md5 hash is an encryption algorithm that takes the various bits of a file and outputs a unique text string. md5 is a one-way encryption algorithm, i.e. there is no direct way of decryption. Using md5 hashing
2 min read
How to Create MD5 Hashes in PHP ?
MD5 is a widely used hash function that produces a fixed-size 128-bit hash value from arbitrary input data. In PHP, creating MD5 hashes is a common task, often used for password hashing, data integrity verification, or generating unique identifiers. In this article, we'll explore different approaches to create MD5 hashes in PHP, these are: Table of
1 min read
Password Hashing with MD5 module in Node.js
MD5 module in node.js uses a message-digest algorithm and it is a widely used hash function producing a 128-bit hash value. Password hashing is an important concept because, in the database, the actual password should not be stored as its a bad practice and also make the system less secure, so the password is stored in hashed form into the database
2 min read
How to Convert Input Value in Md5 using React Native ?
In this article, we'll explore how to convert an input value to MD5 using React Native. Hashing, a fundamental te­chnique in computer science­, involves converting data of any size into a fixe­d-size value for security or inte­grity purposes. One widely use­d hashing algorithm is MD5 (Message Digest Algorithm 5), although its vulne­rabilities rende
3 min read
How to Convert Input Value in Md5 using React JS ?
MD5 is a hash function often used to create a fixed-size hash from input. Though not secure for cryptography, it's still useful for tasks like checksums. Learn to build a basic React.js app converting user-input values into MD5 hashes. Prerequisites:NPM and NPXIntroduction to React React useStateApproach to convert Input Value in Md5: The provide­d
2 min read
What are User-defined Functions and Built-in Functions in PHP?
In PHP, User-defined functions are created by programmers to meet specific requirements, while PHP built-in functions are provided by PHP to perform common tasks without the need for manual implementation. Both types of functions play crucial roles in PHP development, offering flexibility, modularity, and efficiency in coding. Table of Content User
2 min read
How to Secure hash and salt for PHP passwords ?
Salting and hashing is a technique to store the password in a database. In cryptography, salting means to add some content along with the password and then hashing it. So salt and hash provide two levels of security. Salting always makes unique passwords i.e if there are two same passwords, after salting, the resulting string will change. Salting u
2 min read
How hash Function works in PHP ?
Hashing Functions play a crucial role in securing sensitive data by converting it into a fixed-size string of characters, often a hash value or checksum. PHP provides several built-in hashing functions for various purposes, such as password hashing, data integrity verification, and more. The Hashing technique implements the hash Function to transfo
2 min read
Difference between Regular functions and Arrow functions
This article discusses the major differences between regular functions and arrow functions. Arrow functions - a new feature introduced in ES6 - enable writing concise functions in JavaScript. While both regular and arrow functions work in a similar manner, there are certain interesting differences between them, as discussed below. Syntax: Regular f
2 min read
Node.js urlObject.hash API
Before we go on to learn about URL objects API we need to know a brief about URL. If you ever wanted to provide utilities so as to parse or resolute your URL, we can do it through the URL Module. We can divide the URL Module into two parts:- These are- URL String and URL Object. The urlObjectHash is a part of URL Object which is generally based on
1 min read