Answer:Maugrim_The_Reaper wrote:Why settle for lower security?
Maugrim_The_Reaper wrote:It's not available as a native PHP function like md5() or sha1()
Moderator: General Moderators
Oren wrote:What's a static call?
Code: Select all
$hash = SHA256::hash('abc');bdlang wrote:Err, just so we're all clear, MD5 is a one-way HASH, not encryption (SHA1, SHA256 included), and it's interesting to me that alot of coders don't realize this. Just note that the thread is entitled 'encryption' and that not a single post mentions any actual encryption method. Encryption assumes decryption.
I did mention it.Roja wrote: However, your poll is also flawed in selections. MD5 isn't encryption. Its a cryptographic hash. You can't decode an md5sum. You can only predict the correct hash (collision), in a short period of time.
It's a tiny difference - one file include and a static call. The main difference in using a PHP implementation is performance. But such a hit is fairly low frequency (in the scheme of an overall app). Arguing for less security to pump up performance is a dangerous path to take.In my opinion, it's a big difference. For sha256, you have to include the class each time you want to use it and to create a new instance. For md5, you simply use it like with any other function.
Code: Select all
<?php
function encrypt($data)
{
return md5(sha1(stripslashes(strip_tags(htmlspecialchars($data)))));
}
$secure = encrypt($_POST['password']);
?>When it is a PHP native function more people have access to core algorithm that creates the hash. There is also a wider use of the hashing algorithm, hence the desire of some to develop rainbow tables attempting to 'crack' the hash. I would say that so far, almost all levels of 'built-in' hashing have had some degree of compromise simply because they available and widely used.Oren wrote:Answer:Maugrim_The_Reaper wrote:Why settle for lower security?Maugrim_The_Reaper wrote:It's not available as a native PHP function like md5() or sha1()