MD5 Vs SHA1 Hashing in PHP

Hashing results in the fingerprint of data provided as an input to hashing functions. We are going to see about two PHP functions that create hash code that can otherwise call as a message digest.

These functions are creating hash code using MD5(Message-Digest Algorithm) and SHA1(Secured Hashing Algorithm) for creating the required fingerprint, and, they are listed below.

• md5()-Creates message digest for the given string passed as its argument.
• sha1()-It is also used for generating a hash code, but, is more secured compared with md5().

PHP md5() Hashing

This PHP function accepts two arguments, such as $input_string, to be converted into message digest and, $raw_output boolean, a factor of creating raw binary code on having TRUE, as its value. The function should be used in a PHP script with the syntax,

<?php
md5($input_string, $raw_output = TRUE);
?>

For the optional second argument, $raw_output, boolean FALSE will be taken by default. Otherwise, we should set this flag, if we want to get raw binary content as a result of the md5() function. This argument is added as of PHP version 5.

PHP also contains another function to handle files with respect to what the hash code can be created. This function creates MD5 hashing with respect to the given file name, and it is named as md5_file(). This function also accepts the same set of two arguments like md5(). But, we should specify name and path of the file instead of a string as the first argument.

And then, md5() returns 32-bit code as a message digest for the given input as expected. If, the $raw_output is set as TRUE, then, this function will return 16-bit binary code.

Secure Hashing with PHP sha1()

sha1() function is also used for the same purpose of creating hash code from the input string, but, it is more secure compared with md5(). But, the performance in this security point of view will not be significant in implementation.

This function also has the same two arguments, as like as md5(), and the syntax is,

<?php
sha1($input_string, $raw_output = TRUE);
?>

As we have seen in md5(), the first argument, $input_string is mandatory, and, the other is an optional boolean, taken as FALSE by default. And, the equal PHP function that uses a secured hashing algorithm for creating SHA code with respect to file is, sha1_file(), like as md5_file().

And then, this function has a significant difference with PHP md5() with the length of the hash code it generates, that is, 40-bit hash code, whereas md5 generates 32-bit digest. With respect to the optional second $raw_output argument, if TRUE, this function will return 20-bit binary code.

Example: PHP md5() and sha1() Hashing

Let us have an example PHP program, that displays the resultant hash code of both hashing functions, we have seen above. And, it also contains, code for invoking such function with both possible values of $raw_output boolean.

<?php
$input_string = "PHPPOT";
$response_hashcode = array();
$response_hashcode["md5_raw_empty"] = md5($input_string);
$response_hashcode["md5_raw_false"] = md5($input_string, FALSE);
$response_hashcode["md5_raw_true"] = md5($input_string, TRUE);
$response_hashcode["sha1_raw_empty"] = sha1($input_string);
$response_hashcode["sha1_raw_false"] = sha1($input_string, FALSE);
$response_hashcode["sha1_raw_true"] = sha1($input_string, TRUE);
print "<PRE>";
print_r($response_hashcode);
print "</PRE>";
?>

In the above PHP program, we have stored the results of all possible attempts of invoking md5() and sha1() functions with a different combination of its arguments.

After executing this program, we can see the code returned on invoking functions, with empty or with FALSE values of $raw_output, are identical. And also, we can see some unreadable binary code returned as the output of the following lines.

<?php 
$response_hashcode["md5_raw_true"] = md5($input_string, TRUE);
// OR
$response_hashcode["sha1_raw_true"] = sha1($input_string, TRUE);
?>

Note:

• There are no other PHP functions to restore the hash code to its original input string or file content, once it is generated.
• SHA1 is said to be secured if we compare it with an MD5 algorithm; But, some other versions of algorithms in the SHA group, like, SHA256, and SHA512 are more secure than SHA1.
• These functions are not suitable for password hashing to protect passwords from a hacker. Because the code returned by these functions is easily breakable.

Download MD5 Vs SHA1 Hashing in PHP Source Code

Written by Vincy, a web developer with 15+ years of experience and a Masters degree in Computer Science. She specializes in building modern, lightweight websites using PHP, JavaScript, React, and related technologies. Phppot helps you in mastering web development through over a decade of publishing quality tutorials.

↑ Back to Top

• PHP
  • Learn PHP
  • PHP Introduction
  • PHP Basics
  • PHP Shopping Cart
  • Payment Gateway
  • Contact Form
  • PHP Login Registration
  • Comments System
  • Types, Variables & Operators
  • PHP Strings
  • PHP Arrays
  • PHP Functions
    • PHP Functions
    • PHP Variable Functions
    • Why PHP split() is Deprecated
    • PHP isset()
    • isset vs empty vs is_null
    • MD5 Vs SHA1 Hashing in PHP
    • PHP function showing IP Address
    • PHP Output Buffering
    • PHP Sleep
    • PHP URL Encoding Decoding
    • PHP Random Number Generator
  • PHP OOPS
  • Event Management System
  • PHP Mail
  • PHP Forms
  • Advanced
  • PHP AJAX
  • RESTful API
  • PHP Databases
  • PHP Sessions and Cookies
  • Error and Exception Handling
  • File Upload
  • File Import Export
  • Files and Directories
  • PHP Date Time
  • PHP XML
  • PHP CSV
  • PHP JSON
  • PHP Code Samples
  • Library
  • PHP Freelancer
• jQuery
• JavaScript
• WordPress
• MySQL
• CSS

• Share
• Tweet
• Share

1. Simple PHP Shopping Cart
2. Stripe Payment Gateway Integration using PHP
3. User Registration in PHP with Login: Form with MySQL and Code Download
4. PHP Contact Form
5. How to Create Dynamic Stacked Bar, Doughnut and Pie charts in PHP with Chart.js