 |
| Text & Number Management Functions |
pages (4): 1 2 [3] 4 |
|
 |
 |
Hashing strings: encryption made easy
Do you want to keep a password secure but don’t want to have to learn
those hardcore DES encryption algorithms to do it? Hashing is your
answer. It’s easy, fast, and safe, as it’s one way encryption. It is
often used for passwords all over the WWW.
Since I like hashing and encryption, I’ll explain a bit about mhash
hashing as well as regular PHP hashing. But first, you must decide which
of the 2 most common hashing functions you want to use!
The
MD5 algorithm returns a 32byte length hash, while the SHA1 algorithm returns
a 40byte length hash. There is really no difference between the usage of
the two, as they both are operate in the same way. i.e.
They both accept a string argument, and return their hash of it.
Q.
So hashing is used for passwords... but how good is that if I can’t
decrypt it?
A. I asked that question too when I was learning hash-ography.
The answer is simple and logical: compare the newly hashed password to
an already hashed password.
MD5 and SHA1 potentially have 3 output types: hexadecimal, base64 and
STR output. PHP normally only uses hexadecimal output, which is a
mix of numbers and letters.
So, how about we get some hashing done? Let’s use MD5 and SHA1 to hash a
string:
<?php
$string = "scrowler likes apples";
$md5 = md5($string);
# $md5 = 8a74418dc9eea9d7e44bd580f9892b9b
$sha1 = sha1($string);
# $sha1 = 6d3ac220bf069eaa182afd67b1256ee1240ece41
?>
|
And that’s basic hashing. If you want to compare
passwords or phrases, do it like this:
<?php
$storedphrase = "6d3ac220bf069eaa182afd67b1256ee1240ece41";
$string = "scrowler likes apples";
if(sha1($string) == $storedphrase) echo "Yay, they match!";
?>
|
For more advanced users, here’s a little guide to using the
mhash library of PHP functions. If you think md5 and sha1 will be fine for
you, you can skip forward.
Mhash
Mhash is, in short, an additional PHP library that allows more advanced
hashing functions. The current list of algorithms that it can use are
listed below (taken from php.net on 18/3/05):
- MHASH_MD5
- MHASH_SHA1
- MHASH_HAVAL256
- MHASH_HAVAL192
- MHASH_HAVAL160
- MHASH_HAVAL128
- MHASH_RIPEMD160
- MHASH_GOST
- MHASH_TIGER
- MHASH_CRC32
- MHASH_CRC32B
So essentially, it still includes md5 and sha1 but also a number of
other hashing algorithms that you can use.
Mhash is a small library, consisting only of 5 functions. So I’ll
outline them all.
mhash_count() - Gets the highest available hash ID
mhash_get_block_size() - Gets the block size of the specified hash
mhash_get_hash_name() - Gets the name of the specified hash
mhash_keygen_s2k() - Generates a key
mhash() - Computes the hash
mhash() is the function we will worry about first, as it’s the function
that actually does the hashing. It accepts arguments in the following
order: [hash name], [string], [key].
Basically, you specify one of the hash algorithms above in [hash name]
without quotes, and you input a string. If you specify a key, it will
return the HMAC hash (Hashing for Message Authentication), although it is
not required, and if you don’t specify one, it will just return a
standard hash. If the algorithm doesn’t support HMAC modes, mhash()
returns false.
The difference between using md5("") and using mhash(MHASH_MD5,
"") is
that mhash() returns raw bin output, which must be converted to
hexadecimal by using the function bin2hex(). This way, the functions
will both output the same thing.
mhash_keygen_s2k() is the function we use to generate keys. This function accepts
[hash name], [password], [salt],
[bytes]. Basically, you input the hash name like you did with mhash(),
then you input a password, and a randomly generated salt that must be
<= 8 bytes long. If it’s less, PHP will pad it with 0’s to make it 8.
The bytes integer tells the function how long to make the generated key.
Please note that although your salt should be random, you must somehow
obtain a copy of it.
mhash_get_block_size() is a simple function that takes in a [hash name]
and returns the block size for that algorithm. If the hash doesn’t
exist, it will return false.
mhash_get_hash_name() is also a simple function, it takes in the
ID of [hash name] and returns the singular name of the hash, i.e. if
MHASH_MD5
was input, it would get the key of it, and return MD5.
mhash_count() is probably the simplest mhash function. It doesn’t
have any inputs and simply returns the number of algorithms there are
available in the mhash library.
So, to conclude the mhash section of this tutorial, let’s write a little
scriptlet that will hash a string in every algorithm!
<?php
$num_of_hashes = mhash_count();
$string = "scrowler likes apples";
for( $i=0; $i <= $num_of_hashes; $i++){
$name = mhash_get_hash_name($i);
echo "<p>Hashing using: ".$name."<br />Original string: <em>".$string."</em><br
/>";
$hash = mhash($i, $string);
$hash = bin2hex($hash);
echo "Hashed: ".$hash."</p>";
}
echo $num_of_hashes . " hashing algorithms used.";
?>
|
That concludes the mhash and hashing section of this
tutorial. I hope you learned something about hashing!
- Tutorial written by Scrowler
| |  | |  | | Last 5 User Comments | | |
There are no comments for this tutorial yet.
You can place a comment by clicking here. |
|
|
|
|
|
|
Forum Threads
|
|
|
 Deactivate Account
Author: jerinian
Posted: Oct 02nd, 11:16am
Activity: 1 replies, 887 views
|  |  changes....
Author: supertackyman
Posted: Sep 12th, 2:56am
Activity: 2 replies, 1051 views
| |
| | |
