Guides

PHP Hashing for Added Security

Understand the Hash

A hash code is the digest or fingerprint of some data.By using one way mathematical method you can generate fixed length hashes for any data. It is nearly impossible to recover original data from hash. No two different text will provide same hash. Even if the attacker get your hash, they won’t be able to get your original password from it. So almost all developers are using hashing to store passwords in databases.

Types

Most popular hashing schemes used in PHP are MD5 and SHA1 hashing. MD5 uses 128 bit (32 Hexadecimal char) hash and sha1 uses 140 bit (40 Hexadecimal characters).

Create Hash in PHP

PHP has built in functions to generate md5 and sha1. To create md5 hash, you can call md5( ) function.

Example:

$passHash=md5($password);

sha1( ) function will create sha1 hash.

Example:

$passHash=sha1($password);

This passHash variable can be stored in database. Whenever user enters password to site, create corresponding hash, and compare with hash stored in database.

Problems with Hashing

Hashes are not completely free from exploitation. A hacker may use brute force attack or dictionary attack to hack password. success of these methods cannot be guaranteed but they shows vulnerability using mere hashing.

Advanced Hashing : Salt Hashing

In this method we create a random string of predetermined length and prepend it to plain text password. This string is called salt, which we need to store along our hashed password in database. Whenever user enters a password in to site we use salt from database corresponding to that user, append it to plain text password and compute hash. If computed hash is being equal to stored hash, we can authenticate that user.

Additional Information: Instead of using you can also find hash of random string and append it to password.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular

To Top