Hash functions: the PHP way

PHP provides powerful tools for working with hash algorithms. First of all, we need to take a closer look at the hash_algos function. It's very important to start with this point when designing our future solution. It's very important to start with this point when designing our future solution because we will be able to see all supported algorithms in the current version of PHP.

For example, in PHP version 8.2.10, we can see the following algorithms:

print_r(hash_algos());        

/* output:

Array

(

? ? [0] => md2

? ? [1] => md4

? ? [2] => md5

? ? [3] => sha1

? ? [4] => sha224

? ? [5] => sha256

? ? [6] => sha384

? ? [7] => sha512/224

? ? [8] => sha512/256

? ? [9] => sha512

? ? [10] => sha3-224

? ? [11] => sha3-256

? ? [12] => sha3-384

? ? [13] => sha3-512

? ? [14] => ripemd128

? ? [15] => ripemd160

? ? [16] => ripemd256

? ? [17] => ripemd320

? ? [18] => whirlpool

? ? [19] => tiger128,3

? ? [20] => tiger160,3

? ? [21] => tiger192,3

? ? [22] => tiger128,4

? ? [23] => tiger160,4

? ? [24] => tiger192,4

? ? [25] => snefru

? ? [26] => snefru256

? ? [27] => gost

? ? [28] => gost-crypto

? ? [29] => adler32

? ? [30] => crc32

? ? [31] => crc32b

? ? [32] => crc32c

? ? [33] => fnv132

? ? [34] => fnv1a32

? ? [35] => fnv164

? ? [36] => fnv1a64

? ? [37] => joaat

? ? [38] => murmur3a

? ? [39] => murmur3c

? ? [40] => murmur3f

? ? [41] => xxh32

? ? [42] => xxh64

? ? [43] => xxh3

? ? [44] => xxh128

? ? [45] => haval128,3

? ? [46] => haval160,3

? ? [47] => haval192,3

? ? [48] => haval224,3

? ? [49] => haval256,3

? ? [50] => haval128,4

? ? [51] => haval160,4

? ? [52] => haval192,4

? ? [53] => haval224,4

? ? [54] => haval256,4

? ? [55] => haval128,5

? ? [56] => haval160,5

? ? [57] => haval192,5

? ? [58] => haval224,5

? ? [59] => haval256,5

)

*/

We can see that PHP offers a wide range of hash functions in its arsenal. The differences between these functions are the subject of a separate article. Now, let's take a closer look at another very important method that PHP has.

Another important function is hash_init, which allows us to use the same hash function for different messages within one context. Let's look at an example:

$context = hash_init(‘sha256’);        

Now, we can use these hash functions within one context by adding new data to our message using the helpful function hash_update.

hash_update($context, ‘first message’);
//get new part of message
hash_update($context, ‘second message in one context’);        

At each step, the hash_update function calculates the hash value for the message within one context. Finally, by using hash_final, we can obtain the hash value for the entire message.

hash_final($context);        

So, we figured out one of PHP's hash tools.?

Let's take a closer look at the next popular tool, like the hash function. The hash function is commonly used in many non-professional projects to generate passwords for storing them in a database. This function is very simple to use:

hash(‘sha256’, ‘password’);        

//output: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

However, it is not sufficient for implementing a truly cryptography-protected project. First of all, we need to know about one type of cryptography attack: timing attack.?

A timing attack is a highly dangerous method used to obtain a secret key without physical access to the device. A criminal hacker analyzes the time spent on a cryptographic algorithm for calculating the hash value, and using this data, they can calculate the secret key.

For defence on this attack, PHP has a great function hash_equals. Don't forget to use this function when your application checks user passwords.

The next helpful function is hash_file. We can use it for generating a hash signature when sending files. It is very important when we want to be sure that the sent file hasn't been altered during the receiving process.

One important subject in cryptography is HMAC or hash-based message authentication code. HMAC is a code authentication mechanism for messages, which uses hash functions. It is commonly employed as a means of checking message integrity. PHP provides functions to implement this mechanism, such as hash_hmac and hash_hmac_file.

I hope this article was helpful for you. Ask in comments and have a good day.