So if I do something like sha1($data) the result will be BLAHBLAH123. However if I do it again it will be BLAHAHS316. The same thing happens with md5. So my question is, what is a consistent way to hash values?
So like function($data) will return BLAHBLAHBLAH123 each time it is evaluated with the same $data parameter.
EDIT: I have a specific purpose in mind for this that isn't passwords so security isn't a concern.
EDIT: For example, md5($data) will not return BLAHBLAH every time, sometimes it'll return BLAHHHAL. I don't want that. I want it to return the same thing, BLAHBLAH everytime!
The output of a hashing operation will only change if the input has changed.
For example:
echo sha1( 'test' );
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
If you wish it to change everytime, you could append a timestamp to the input:
echo sha1( 'test'.time() )
3d68b7693768f199623f31f820b1ba29b0a58769
Hashing function are deterministic (they would be useless if this was not the case).
In computer science, a deterministic algorithm is an algorithm which, given a particular input, will always produce the same output, with the underlying machine always passing through the same sequence of states.
Consider another (eg. time) input to the domain as in sha1(microtime() . $data) if you want 'different output'. I'm not sure how useful this will be in practice.
Password hash functions use a salt (randomly generated, stored separately) as additional input so the same plain-text password will result in a different stored hash value.
Hashing method - to give the same value, but not easy to predict or decode is what i think you are looking for.
You can use use a constant string val and do a hash of that string to get the same value always, if you want to change the value you can change the constant and get a different hash value
$constStr = "hashThis";
$hashWord = md5($constStr);
// it will return the same value always, as long as the constStr is the same
Two different input with same md5 or sha1 output?
That's possible but way to hard. Take a look at here: https://crypto.stackexchange.com/questions/1434/are-there-two-known-strings-which-have-the-same-md5-hash-value
The return value will change as long as your $data variable changes, you can't get same hashing value from different strings
Related
$myStr = $_GET['myStr'];
if ($myStr == md5($myStr)) echo "ok\n";
I know there is a type jugglying in the code, but in my tests I couldn't find an input that satisfies the condition.
No, you cannot find that myStr value as it would come down to finding a (first degree) pre-image for MD5. Although MD5 has been broken for collision resistance, you should not be able to find a pre-image. More information here.
I'm presuming there that your code amounts to finding y = md5(y). y = md5(x) is a more general assumption and it is described in the Wikipedia article linked to above that it is impossible to find such H(x), even for MD5.
That doesn't mean that you should use MD5. Please use SHA-256, SHA-512 or indeed one of the SHA-3 functions. Even if MD5 hasn't been broken that far, it has been broken enough not to be used anymore; "Attacks always get better; they never get worse."
Let's start from the beginning. I will provide an example so i may help you maybe understand better.
In the first line you have $myStr = $_GET['myStr'];
I will just assume you will get this variable from your url like this :
http://localhost/md5Project.php?myStr=test
This will give your variable $myStr the value "test".
Moving forward in your if statement you have:
if ($myStr == md5($myStr)
this will never be true because $myStr value is "test" and md5($myStr) value is 098f6bcd4621d373cade4e832627b4f6 so basically you compare 2 strings with values "test" and "098f6bcd4621d373cade4e832627b4f6problem" which will always lead to false.
The function in php string hash ( string $algo , string $data [, bool $raw_output = false ] ) where algo=Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4", etc..), data=Message to be hashed., raw_output=When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits. so if I have this example
<?php
echo hash('ripemd128', 'The quick brown fox jumped over the lazy dog.');
?>
The above example output (which looks completely random): 51d43720fd516108ef5ed20e9031bb865ede861e
So I'm wondering where such functions is used and why? also Is there a way or a function to revert the output to the original string back again?
So I'm wondering where such functions is used and why?
They're used in digital signature algorithms, digital fingerprinting algorithms, content-addressable storage, constructing tamper-resistant data structures that can be traversed rapidly and securely, and for fast lookups that also resist complexity attacks.
also Is there a way or a function to revert the output to the original string back again?
No. In many cases, having this ability would defeat the point of the hash. Also, it is trivial to prove that this is, as stated, impossible, using a counting argument.
It is use for digital signatures like hashing the concatenated string with the secret key against the other to check if both hash string is correct, its like a key in order for you to gain access to do something.
There's no way to decrypt it because that is how it's made, it is a 1-way hash method.
if you want a method that encrypts and decrypts the string use mcrypt_encrypt and mcrypt_decrypt
this functions are used to compute a kind of "fingerprint" for some data. in your example this will be your string. same algorithm will produce the same hash for the same input data. if you change input data the computed hash will be different.
a popular usage is storing passwords. so you don't store passwords in clear text but hashed values.
for the second part of your question: hash algorithms are "one-way" only (should be ;)). so you can not restore the input data from hashed value.
In a web application I'm working on, i need to generate unique id's with an excessive length. Longer than typical UUID's. Another similar web app uses keys that look like this:
cb745abbc635c03f0c259b65y5da57c06e12ef51
What are these called? and how can i create unique ones in PHP? I've tried the UID method, however they are kinda short.
The example you posted is a 40 character hex string, which therefore looks suspiciously like a SHA1 hash. PHP's built-in sha1() function will hash an input string into just such a hash.
If you pass microtime(true) (to get the current time with microseconds as a float) as input, you'll get a value unique in time. Concatenate it with a hostname for a 40 character globally unique value.
echo sha1(microtime(true) . $hostname));
Note that while this type of value is probably satisfactory as a unique identifier for a database object, user ID, etc, it should not be considered cryptographically secure, as its sequence could be easily guessed.
This might be a hash generated from sha1 which is widely used:
From the PHP documentation:
If the optional raw_output is set to TRUE, then the sha1 digest is instead returned in raw binary format with a length of 20, otherwise the returned value is a 40-character hexadecimal number.
echo (sha1("whatever"));
Note that is not certain since it exists multiple other hashing algorithms that will give you a 40 characters length:
echo (hash("ripemd160", "whatever"));
echo (hash("tiger160,3", "whatever"));
echo (hash("tiger160,4", "whatever"));
echo (hash("haval160,3", "whatever"));
echo (hash("haval160,4", "whatever"));
echo (hash("haval160,5", "whatever"));
I'm trying to send a random number to the database for a user/article ID. It is currently using auto increment as a counting system. However, I'd like for the number to be random and unpredictable.
The mt_rand() function in PHP does exactly what I need. Although, my question is what happens when the function returns a number already in use. Of course I can just use a is_null() to check. But if it keeps on picking a number in use I could imagine that that'd slow the operation down.
Any thoughts on what I might be able to do to get around this? Perhaps I'm going at this all wrong.
Also if there's a function that gives letters and numbers that would also help greatly (like Youtube's).
Thanks for reading!
Here is a simple function to create a 10 character long string. The string is built using upper/lowercase text and numbers. Auto increment is definitely the way to go, however, if you are dead set, the function below should help.
<?php
function randomID()
{
$ID = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',5)),0,10);
echo $ID;
}
randomID();
?>
To make the string longer, change 10 to whatever you like. In terms of ensuring it does not already exist. I would suggest you generate the new ID and then do a search in the database to ensure it does not exist before inserting. Granted this is an extra step in the chain, but unfortunately this is what needs to be done.
Hope this helps
You should always use an auto_increment field as the primary key of your database. Not doing that costs you a great deal in performance. You can certainly create a secondary ID field with your random ID. I'd probably use a hashing function to get the best chance of a random string:
<?php $key = md5(rand(0,999).time().$myItemTitle); // ex. ce4075a3d3f6fd757eb6dd44810cbe14
You should always (in normal use cases) use an auto incremented ID for performance reasons. If you're purpose is to be able to somewhat hide the next post because someone could be guessing for it then you better add some kind of hashed unique field to your database.
Always random (just encrypting ms) :
<?php
$value = time();
$key = "543yretghf436436";
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $value, MCRYPT_MODE_ECB);
//if you want even long string change 128 to 256
$encrypted = base64_encode($encrypted);
$encrypted = rtrim($encrypted, '=');
echo $encrypted;
?>
e.g.
Egttu2XhRGdAiXVfszscWg
XlttfR3XaL6pym1uSNY7Kg
YvoKCweUnN8gZyodRYysLA
What you actually want is some "random" key to use as an identifier for the article. I would keep the auto_increment and eigther:
add an column with a "hashkey" or "random key" to identify the article. This poses the "i already have this key" issue (which should not be that large unless you have billions of articles). See some code examples already posted.
create an extra table with pregenerated keys (i.e. 10000 id -> key values) where you can lookup the id by key. If the table runs out you can easily generate new values. This way you don't have to worry about getting "slow" generation speed.
I'm working with an application that requires sha1 encoding for certain form values.
The problem is that when I use the following
<?php echo(hash("sha1","par1=".$_POST['p1']."&par2=".$_POST['p2'])); ?>
It gives me a sha1 encoding of the actual string, while I want to get a sha1 encoding of the posted values, so in this example I want to get
<?php echo(hash("sha1","par1=firstvalue&par2=secondvalue")); ?>
How can I realize this? Is it actually that simple and am I thinking way to difficult?
That because it identifies that para1=some_value as string not para1 as variable and some_value string
To achieve what you want you should hash every variable alone
Or I suggest that you implement your own encoding algorithm
Why not do it like this? Though I would have though either way would result in the same thing....
$hash_this = "par1=".$_POST['p1']."&par2=".$_POST['p2'];
echo sha1($hash_this);
Though that will do it if you want to hash the string of the values all together, rather than the values, if you want to store the values - then you should probably hash each value, so you could at least compare them later. Useful for a login system where you want to save a password to a database, which is more secure than literally just storing the password...
$password = sha1($_POST['password']);
If you hash the string, you have no idea which value is wrong