PHP password protection: md5 to sha512
How do I use the开发者_StackOverflow中文版 sha512
function for PHP?
Can I replace all my md5
functions with the sha512
function?
Do I have to download something if so what?
Can anyone provide examples?
The hash()
function, provided with PHP >= 5.1, should be able to generate sha512 hashes -- you can verify this calling the hash_algos()
function, that lists the supported hashing algorithms.
For example, you could use :
$sha512 = hash('sha512', "Hello, World!");
var_dump($sha512);
And you'd get :
string '374d794a95cdcfd8b35993185fef9ba368f160d8daf432d08ba9f1ed1e5abe6cc69291e0fa2fe0006a52570ef18c19def4e617c33ce52ef0a6e5fbe318cb0387' (length=128)
And, on my system, the following portion of code :
$supported = hash_algos();
var_dump($supported);
Indicates that 42 hashing algorithms are supported :
array
0 => string 'md2' (length=3)
...
6 => string 'sha384' (length=6)
7 => string 'sha512' (length=6)
8 => string 'ripemd128' (length=9)
9 => string 'ripemd160' (length=9)
...
40 => string 'haval224,5' (length=10)
41 => string 'haval256,5' (length=10)
Also, with PHP >= 5.3, you should be able to use the openssl_digest()
function :
$sha512 = openssl_digest("Hello, World!", 'sha512');
var_dump($sha512);
(Yep, the parameters are not in the same order as with hash()
-- the magic of PHP, here...)
And, to get the list of supported algorithms, you could use openssl_get_md_methods()
.
On my system, this one gives me 22 supported algorithms.
Checksums are for generating checksums, HMAC is perhaps the preferred way for generating salted hashes of strings requiring securing hashing.
hash_hmac('sha512', 'important string', 'salt');
Just out of curiosity, why do you want to replace the MD5 function?
It is relatively efficient. If you add a salt, it is really annoying to reverse engineer. Someone would have to perform a brute force encoding of all passwords looking for a match. Without a salt, common short strings lower case all letter strings have been cracked and stored in a database.
I would just add a salt and call it good.
精彩评论