Introduction
This extension provides functions that can be used for direct or
incremental processing of arbitrary length messages using a variety of
hashing algorithms, including the generation of HMAC
values and key derivations including HKDF and
PBKDF2.
There are roughly three categories of hashing algorithms, and a complete list of
algorithms can be found in the documentation for hash_algos.
-
Checksum algorithms (such as
"crc32b"
or "adler32"
):
These are used to calculate checksums, useful in situations such as when
transmission errors are to be detected. They are often very fast. These
algorithms often generate values that are easily "guessable" or can be manipulated
to create collisions, so they are entirely unsuitable for cryptographic use.
-
Non-cryptographic algorithms (such as the xxHash family):
These are often used to calculate hash values for hash tables, as they are
designed to yield a good distribution over arbitrary string inputs. They
are also generally fast, but also not suitable for cryptographic use.
-
Cryptographic algorithms (such as the SHA-2 family):
These are designed to yield hash values that are representative of their
inputs but are not guessable nor prone to collisions. Performance is often
a secondary concern, but modern hardware often supports special handling
for these algorithms that PHP tries to use when available.
The Computer Security Resource Center of the NIST has
» explanation of the algorithms
currently approved by United States Federal Information Processing
Standards.
Caution
Some of the early cryptographic algorithms, such as "md4"
,
"md5"
, and "sha1"
, have been proven
to be prone to collision attacks and it is generally recommended to no
longer use these for cryptographic applications.
See also the FAQ on Safe Password Hashing
for information on best practices for using hash functions in handling
passwords.