MD5 Vs SHA1 Hashing in PHP

by Vincy. Last modified on July 8th, 2022.

Hashing results in the fingerprint of data provided as an input to hashing functions. We are going to see about two PHP functions that create hash code that can otherwise call as a message digest.

These functions are creating hash code using MD5(Message-Digest Algorithm) and SHA1(Secured Hashing Algorithm) for creating the required fingerprint, and, they are listed below.

  • md5()-Creates message digest for the given string passed as its argument.
  • sha1()-It is also used for generating a hash code, but, is more secured compared with md5().

PHP md5() Hashing

This PHP function accepts two arguments, such as $input_string, to be converted into message digest and, $raw_output boolean, a factor of creating raw binary code on having TRUE, as its value. The function should be used in a PHP script with the syntax,

md5($input_string, $raw_output = TRUE);

For the optional second argument, $raw_output, boolean FALSE will be taken by default. Otherwise, we should set this flag, if we want to get raw binary content as a result of the md5() function. This argument is added as of PHP version 5.

PHP also contains another function to handle files with respect to what the hash code can be created. This function creates MD5 hashing with respect to the given file name, and it is named as md5_file(). This function also accepts the same set of two arguments like md5(). But, we should specify name and path of the file instead of a string as the first argument.

And then, md5() returns 32-bit code as a message digest for the given input as expected. If, the $raw_output is set as TRUE, then, this function will return 16-bit binary code.

Secure Hashing with PHP sha1()

sha1() function is also used for the same purpose of creating hash code from the input string, but, it is more secure compared with md5(). But, the performance in this security point of view will not be significant in implementation.

This function also has the same two arguments, as like as md5(), and the syntax is,

sha1($input_string, $raw_output = TRUE);

As we have seen in md5(), the first argument, $input_string is mandatory, and, the other is an optional boolean, taken as FALSE by default. And, the equal PHP function that uses a secured hashing algorithm for creating SHA code with respect to file is, sha1_file(), like as md5_file().

And then, this function has a significant difference with PHP md5() with the length of the hash code it generates, that is, 40-bit hash code, whereas md5 generates 32-bit digest. With respect to the optional second $raw_output argument, if TRUE, this function will return 20-bit binary code.

Example: PHP md5() and sha1() Hashing

Let us have an example PHP program, that displays the resultant hash code of both hashing functions, we have seen above. And, it also contains, code for invoking such function with both possible values of $raw_output boolean.

$input_string = "PHPPOT";
$response_hashcode = array();
$response_hashcode["md5_raw_empty"] = md5($input_string);
$response_hashcode["md5_raw_false"] = md5($input_string, FALSE);
$response_hashcode["md5_raw_true"] = md5($input_string, TRUE);
$response_hashcode["sha1_raw_empty"] = sha1($input_string);
$response_hashcode["sha1_raw_false"] = sha1($input_string, FALSE);
$response_hashcode["sha1_raw_true"] = sha1($input_string, TRUE);
print "<PRE>";
print "</PRE>";

In the above PHP program, we have stored the results of all possible attempts of invoking md5() and sha1() functions with a different combination of its arguments.

After executing this program, we can see the code returned on invoking functions, with empty or with FALSE values of $raw_output, are identical. And also, we can see some unreadable binary code returned as the output of the following lines.

$response_hashcode["md5_raw_true"] = md5($input_string, TRUE);
// OR
$response_hashcode["sha1_raw_true"] = sha1($input_string, TRUE);


  • There are no other PHP functions to restore the hash code to its original input string or file content, once it is generated.
  • SHA1 is said to be secured if we compare it with an MD5 algorithm; But, some other versions of algorithms in the SHA group, like, SHA256, and SHA512 are more secure than SHA1.
  • These functions are not suitable for password hashing to protect passwords from a hacker. Because the code returned by these functions is easily breakable.

Download MD5 Vs SHA1 Hashing in PHP Source Code

Written by Vincy, a web developer with 15+ years of experience and a Masters degree in Computer Science. She specializes in building modern, lightweight websites using PHP, JavaScript, React, and related technologies. Phppot helps you in mastering web development through over a decade of publishing quality tutorials.

Comments to “MD5 Vs SHA1 Hashing in PHP”

Leave a Reply

Your email address will not be published. Required fields are marked *

↑ Back to Top

Share this page