MD5 Vs SHA1 Hashing in PHP

Hashing results in fingerprint of data provided as an input to hashing functions. We are going to see about two PHP functions that create hash code that can otherwise call as a message digest.

These functions are creating hash code using MD5(Message Digest Algorithm) and SHA1(Secured Hashing Algorithm) for creating required fingerprint, and, they are listed below.

  • md5()-Creates message digest for the given string passed as its argument.
  • sha1()-It also used for generating a hash code, but, more secured compared with md5().


PHP md5() Hashing

This PHP function accepts two arguments, such as $input_string, to be converted into message digest and, $raw_output boolean, a factor of creating raw binary code on having TRUE, as its value. The function should be used in a PHP script with the syntax,

md5($input_string, $raw_output=TRUE);

For the optional second argument, $raw_output, boolean FALSE will be taken by default. Otherwise, we should set this flag, if we want to get raw binary content as a result of md5() function. This argument is added as of PHP version 5.

PHP also contains another function to handle files with respect to what the hash code can be created. This function creates MD5 hashing with respect to the given file name, and it is named as md5_file(). This function also accepts the same set of two arguments like md5(). But, we should specify name and path of the file instead of a string as the first argument.

And then, md5() returns 32-bit code as a message digest for the given input as expected. If, the $raw_output is set as TRUE, then, this function will return 16-bit binary code.

Secure Hashing with PHP sha1()

sha1() function also used for the same purpose of creating hash code from the input string, but, it is more secure compared with md5(). But, the performance in this security point of view will not be significant on implementation.

This function also has the same two arguments, as like as md5(), and the syntax is,

sha1($input_string, $raw_output=TRUE);

Like we have seen in md5(), the first argument, $input_string is mandatory, and, the other is optional boolean, taken as FALSE by default. And, the equal PHP function that uses secured hashing algorithm for creating SHA code with respect to file is, sha1_file(), as like as md5_file().

And then, this function have significant difference with PHP md5() with the length of the hash code it generates, that is, 40-bit hash code, whereas md5 generates 32-bit digest. With respect to the optional second $raw_output argument, if TRUE, this function will return 20-bit binary code.

Example: PHP md5() and sha1() Hashing

Let us have an example PHP program, that displays the resultant hash code of both hashing function, we have seen above. And, it also contains, code for invoking such function with both possible values of $raw_output boolean.

$input_string = "PHPPOT";
$response_hashcode = array();
$response_hashcode["md5_raw_empty"] = md5($input_string);
$response_hashcode["md5_raw_false"] = md5($input_string,FALSE);
$response_hashcode["md5_raw_true"] = md5($input_string,TRUE);
$response_hashcode["sha1_raw_empty"] = sha1($input_string);
$response_hashcode["sha1_raw_false"] = sha1($input_string,FALSE);
$response_hashcode["sha1_raw_true"] = sha1($input_string,TRUE);
print "<PRE<";
print "</PRE<";

In the above PHP program, we have stored results of all possible attempts of invoking md5() and sha1() functions with a different combination of its arguments.

After executing this program, we can see the code returned on invoking functions, with empty or with FALSE values of $raw_output, are identical. And also, we can see some unreadable binary code returned as the output of the following lines.

$response_hashcode["md5_raw_true"] = md5($input_string,TRUE);
$response_hashcode["sha1_raw_true"] = sha1($input_string,TRUE);


  • There are no other PHP functions to restore the hash code to its original input string or file content, once it is generated.
  • SHA1 is said to be secured if we compare with a MD5 algorithm; But, some other versions of algorithms in SHA group, like, SHA256, SHA512 are more secure than SHA1.
  • These functions are not suitable for password hashing to protect password from a hacker. Because the code returned by these functions are easily breakable.

Download MD5 Vs SHA1 Hashing in PHP Source Code

This PHP code tutorial was published on August 2, 2013.

↑ Back to Top