Page 1 of 1
sha256 only in PHP 5?
Posted: Thu Dec 07, 2006 9:03 am
by kaisellgren
Hi,
Is hash("sha256","string"); only usable in PHP 5 or does it work in version 4 too?
Posted: Thu Dec 07, 2006 9:21 am
by matthijs
If I remember right it's only php 5. But can be added to php4 with an Pecl extension
Posted: Thu Dec 07, 2006 9:24 am
by kaisellgren
I was just reading that line from the doc... and I guess pecl installing is not very popular? So maybe I'll forget sha256 then because my script would be used by different servers and some of them are running php 4 without any possibilities of instlling pecls.
Posted: Thu Dec 07, 2006 9:30 am
by matthijs
I have no experience with pecl extensions, but if I'm correct you could download the extensions themselves and therefore it would be possible to bundle them together with your script.
And otherwise there's feyd's
SHA256 Hashing Algorithm
Posted: Thu Dec 07, 2006 12:47 pm
by feyd
Yep, my class is there for environments where the hash extension is not enabled. I'm hoping to get the 2.0 interface out during Winter break, which starts tomorrow afternoon, that will have a completely different way of interacting with it and be far more flexible, tight and clean.
Anyways, I've tested my class in at late at 4.4.4. Provided E_STRICT is off, it should also run fine in 5, but I haven't really tested it.
2.0 will have separate versions for 4 and 5. The 5 branch will attempt to detect the availability of the hashing extension and use it where possible, however some operations will require the pure php implementation.
Posted: Fri Dec 08, 2006 6:51 am
by kaisellgren
Feyd you are very helpful man and thanks for that
What do you think as a hashmaster, what of these is the most secure way to protect data?
$str = "to be hashed";
sha1(md5($str));
md5(sha1($str));
md5($str);
sha1($str);
Your library seemed very good, but to avoid any possible bugs, I decided not to use any non-rebuild functions as they may be a little unstable. Not saying your is unstable, but I do not want to take any risks.
PS. Sorry for spelling your name with capitalized 'F', I just always start a sentence with capitalized letter...
Posted: Fri Dec 08, 2006 6:57 am
by feyd
sha1() alone is more secure than the other three.
Posted: Fri Dec 08, 2006 7:42 am
by kaisellgren
feyd wrote:sha1() alone is more secure than the other three.
Okay thank you, I trust you
