CINXE.COM

PHP: sha1 - Manual

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" lang="de"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>PHP: sha1 - Manual </title> <link rel="icon" type="image/svg+xml" sizes="any" href="https://www.php.net/favicon.svg?v=2"> <link rel="icon" type="image/png" sizes="196x196" href="https://www.php.net/favicon-196x196.png?v=2"> <link rel="icon" type="image/png" sizes="32x32" href="https://www.php.net/favicon-32x32.png?v=2"> <link rel="icon" type="image/png" sizes="16x16" href="https://www.php.net/favicon-16x16.png?v=2"> <link rel="shortcut icon" href="https://www.php.net/favicon.ico?v=2"> <link rel="search" type="application/opensearchdescription+xml" href="http://php.net/phpnetimprovedsearch.src" title="Add PHP.net search"> <link rel="alternate" type="application/atom+xml" href="https://www.php.net/releases/feed.php" title="PHP Release feed"> <link rel="alternate" type="application/atom+xml" href="https://www.php.net/feed.atom" title="PHP: Hypertext Preprocessor"> <link rel="canonical" href="https://www.php.net/manual/de/function.sha1.php"> <link rel="shorturl" href="https://www.php.net/sha1"> <link rel="alternate" href="https://www.php.net/sha1" hreflang="x-default"> <link rel="contents" href="https://www.php.net/manual/de/index.php"> <link rel="index" href="https://www.php.net/manual/de/ref.strings.php"> <link rel="prev" href="https://www.php.net/manual/de/function.setlocale.php"> <link rel="next" href="https://www.php.net/manual/de/function.sha1-file.php"> <link rel="alternate" href="https://www.php.net/manual/en/function.sha1.php" hreflang="en"> <link rel="alternate" href="https://www.php.net/manual/de/function.sha1.php" hreflang="de"> <link rel="alternate" href="https://www.php.net/manual/es/function.sha1.php" hreflang="es"> <link rel="alternate" href="https://www.php.net/manual/fr/function.sha1.php" hreflang="fr"> <link rel="alternate" href="https://www.php.net/manual/it/function.sha1.php" hreflang="it"> <link rel="alternate" href="https://www.php.net/manual/ja/function.sha1.php" hreflang="ja"> <link rel="alternate" href="https://www.php.net/manual/pt_BR/function.sha1.php" hreflang="pt_BR"> <link rel="alternate" href="https://www.php.net/manual/ru/function.sha1.php" hreflang="ru"> <link rel="alternate" href="https://www.php.net/manual/tr/function.sha1.php" hreflang="tr"> <link rel="alternate" href="https://www.php.net/manual/uk/function.sha1.php" hreflang="uk"> <link rel="alternate" href="https://www.php.net/manual/zh/function.sha1.php" hreflang="zh"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1707321815&amp;f=/fonts/Fira/fira.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1707321815&amp;f=/fonts/Font-Awesome/css/fontello.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1732428602&amp;f=/styles/theme-base.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1730558402&amp;f=/styles/theme-medium.css" media="screen"> <base href="https://www.php.net/manual/de/function.sha1.php"> <meta name="Description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@official_php" /> <meta name="twitter:title" content="PHP: Hypertext Preprocessor" /> <meta name="twitter:description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <meta name="twitter:creator" content="@official_php" /> <meta name="twitter:image:src" content="https://www.php.net/images/meta-image.png" /> <meta itemprop="name" content="PHP: Hypertext Preprocessor" /> <meta itemprop="description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <meta itemprop="image" content="https://www.php.net/images/meta-image.png" /> <meta property="og:image" content="https://www.php.net/images/meta-image.png" /> <meta property="og:description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <link href="https://fosstodon.org/@php" rel="me" /> <!-- Matomo --> <script> var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ _paq.push(["setDoNotTrack", true]); _paq.push(["disableCookies"]); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="https://analytics.php.net/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '1']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script> <!-- End Matomo Code --> </head> <body class="docs "> <nav class="navbar navbar-fixed-top"> <div class="navbar__inner"> <a href="/" aria-label="PHP Home" class="navbar__brand"> <img src="/images/logos/php-logo-white.svg" aria-hidden="true" width="80" height="40" > </a> <div id="navbar__offcanvas" tabindex="-1" class="navbar__offcanvas" aria-label="Menu" > <button id="navbar__close-button" class="navbar__icon-item navbar_icon-item--visually-aligned navbar__close-button" > <svg xmlns="http://www.w3.org/2000/svg" width="24" viewBox="0 0 24 24" fill="currentColor"><path d="M19,6.41L17.59,5L12,10.59L6.41,5L5,6.41L10.59,12L5,17.59L6.41,19L12,13.41L17.59,19L19,17.59L13.41,12L19,6.41Z" /></svg> </button> <ul class="navbar__nav"> <li class="navbar__item"> <a href="/downloads.php" class="navbar__link " > Downloads </a> </li> <li class="navbar__item"> <a href="/docs.php" aria-current="page" class="navbar__link navbar__link--active " > Documentation </a> </li> <li class="navbar__item"> <a href="/get-involved.php" class="navbar__link " > Get Involved </a> </li> <li class="navbar__item"> <a href="/support.php" class="navbar__link " > Help </a> </li> <li class="navbar__item"> <a href="/releases/8.4/index.php" class="navbar__link navbar__release" > <img src="/images/php8/logo_php8_4.svg" alt="PHP 8.4"> </a> </li> </ul> </div> <div class="navbar__right"> <!-- Desktop default search --> <form action="/manual-lookup.php" class="navbar__search-form" > <label for="navbar__search-input" aria-label="Search docs"> <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </label> <input type="search" name="pattern" id="navbar__search-input" class="navbar__search-input" placeholder="Search docs" accesskey="s" > <input type="hidden" name="scope" value="quickref"> </form> <!-- Desktop encanced search --> <button id="navbar__search-button" class="navbar__search-button" hidden > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> Search docs </button> <!-- Mobile default items --> <a id="navbar__search-link" href="/lookup-form.php" aria-label="Search docs" class="navbar__icon-item navbar__search-link" > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </a> <a id="navbar__menu-link" href="/menu.php" aria-label="Menu" class="navbar__icon-item navbar_icon-item--visually-aligned navbar_menu-link" > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="currentColor" > <path d="M3,6H21V8H3V6M3,11H21V13H3V11M3,16H21V18H3V16Z" /> </svg> </a> <!-- Mobile enhanced items --> <button id="navbar__search-button-mobile" aria-label="Search docs" class="navbar__icon-item navbar__search-button-mobile" hidden > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </button> <button id="navbar__menu-button" aria-label="Menu" class="navbar__icon-item navbar_icon-item--visually-aligned" hidden > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="currentColor" > <path d="M3,6H21V8H3V6M3,11H21V13H3V11M3,16H21V18H3V16Z" /> </svg> </button> </div> <div id="navbar__backdrop" class="navbar__backdrop" ></div> </div> <div id="flash-message"></div> </nav> <div class="headsup"><a href='/conferences/index.php#2024-12-09-1'>ConFoo 2025</a></div> <nav id="trick"><div><dl> <dt><a href='/manual/en/getting-started.php'>Getting Started</a></dt> <dd><a href='/manual/en/introduction.php'>Introduction</a></dd> <dd><a href='/manual/en/tutorial.php'>A simple tutorial</a></dd> <dt><a href='/manual/en/langref.php'>Language Reference</a></dt> <dd><a href='/manual/en/language.basic-syntax.php'>Basic syntax</a></dd> <dd><a href='/manual/en/language.types.php'>Types</a></dd> <dd><a href='/manual/en/language.variables.php'>Variables</a></dd> <dd><a href='/manual/en/language.constants.php'>Constants</a></dd> <dd><a href='/manual/en/language.expressions.php'>Expressions</a></dd> <dd><a href='/manual/en/language.operators.php'>Operators</a></dd> <dd><a href='/manual/en/language.control-structures.php'>Control Structures</a></dd> <dd><a href='/manual/en/language.functions.php'>Functions</a></dd> <dd><a href='/manual/en/language.oop5.php'>Classes and Objects</a></dd> <dd><a href='/manual/en/language.namespaces.php'>Namespaces</a></dd> <dd><a href='/manual/en/language.enumerations.php'>Enumerations</a></dd> <dd><a href='/manual/en/language.errors.php'>Errors</a></dd> <dd><a href='/manual/en/language.exceptions.php'>Exceptions</a></dd> <dd><a href='/manual/en/language.fibers.php'>Fibers</a></dd> <dd><a href='/manual/en/language.generators.php'>Generators</a></dd> <dd><a href='/manual/en/language.attributes.php'>Attributes</a></dd> <dd><a href='/manual/en/language.references.php'>References Explained</a></dd> <dd><a href='/manual/en/reserved.variables.php'>Predefined Variables</a></dd> <dd><a href='/manual/en/reserved.exceptions.php'>Predefined Exceptions</a></dd> <dd><a href='/manual/en/reserved.interfaces.php'>Predefined Interfaces and Classes</a></dd> <dd><a href='/manual/en/reserved.attributes.php'>Predefined Attributes</a></dd> <dd><a href='/manual/en/context.php'>Context options and parameters</a></dd> <dd><a href='/manual/en/wrappers.php'>Supported Protocols and Wrappers</a></dd> </dl> <dl> <dt><a href='/manual/en/security.php'>Security</a></dt> <dd><a href='/manual/en/security.intro.php'>Introduction</a></dd> <dd><a href='/manual/en/security.general.php'>General considerations</a></dd> <dd><a href='/manual/en/security.cgi-bin.php'>Installed as CGI binary</a></dd> <dd><a href='/manual/en/security.apache.php'>Installed as an Apache module</a></dd> <dd><a href='/manual/en/security.sessions.php'>Session Security</a></dd> <dd><a href='/manual/en/security.filesystem.php'>Filesystem Security</a></dd> <dd><a href='/manual/en/security.database.php'>Database Security</a></dd> <dd><a href='/manual/en/security.errors.php'>Error Reporting</a></dd> <dd><a href='/manual/en/security.variables.php'>User Submitted Data</a></dd> <dd><a href='/manual/en/security.hiding.php'>Hiding PHP</a></dd> <dd><a href='/manual/en/security.current.php'>Keeping Current</a></dd> <dt><a href='/manual/en/features.php'>Features</a></dt> <dd><a href='/manual/en/features.http-auth.php'>HTTP authentication with PHP</a></dd> <dd><a href='/manual/en/features.cookies.php'>Cookies</a></dd> <dd><a href='/manual/en/features.sessions.php'>Sessions</a></dd> <dd><a href='/manual/en/features.file-upload.php'>Handling file uploads</a></dd> <dd><a href='/manual/en/features.remote-files.php'>Using remote files</a></dd> <dd><a href='/manual/en/features.connection-handling.php'>Connection handling</a></dd> <dd><a href='/manual/en/features.persistent-connections.php'>Persistent Database Connections</a></dd> <dd><a href='/manual/en/features.commandline.php'>Command line usage</a></dd> <dd><a href='/manual/en/features.gc.php'>Garbage Collection</a></dd> <dd><a href='/manual/en/features.dtrace.php'>DTrace Dynamic Tracing</a></dd> </dl> <dl> <dt><a href='/manual/en/funcref.php'>Function Reference</a></dt> <dd><a href='/manual/en/refs.basic.php.php'>Affecting PHP's Behaviour</a></dd> <dd><a href='/manual/en/refs.utilspec.audio.php'>Audio Formats Manipulation</a></dd> <dd><a href='/manual/en/refs.remote.auth.php'>Authentication Services</a></dd> <dd><a href='/manual/en/refs.utilspec.cmdline.php'>Command Line Specific Extensions</a></dd> <dd><a href='/manual/en/refs.compression.php'>Compression and Archive Extensions</a></dd> <dd><a href='/manual/en/refs.crypto.php'>Cryptography Extensions</a></dd> <dd><a href='/manual/en/refs.database.php'>Database Extensions</a></dd> <dd><a href='/manual/en/refs.calendar.php'>Date and Time Related Extensions</a></dd> <dd><a href='/manual/en/refs.fileprocess.file.php'>File System Related Extensions</a></dd> <dd><a href='/manual/en/refs.international.php'>Human Language and Character Encoding Support</a></dd> <dd><a href='/manual/en/refs.utilspec.image.php'>Image Processing and Generation</a></dd> <dd><a href='/manual/en/refs.remote.mail.php'>Mail Related Extensions</a></dd> <dd><a href='/manual/en/refs.math.php'>Mathematical Extensions</a></dd> <dd><a href='/manual/en/refs.utilspec.nontext.php'>Non-Text MIME Output</a></dd> <dd><a href='/manual/en/refs.fileprocess.process.php'>Process Control Extensions</a></dd> <dd><a href='/manual/en/refs.basic.other.php'>Other Basic Extensions</a></dd> <dd><a href='/manual/en/refs.remote.other.php'>Other Services</a></dd> <dd><a href='/manual/en/refs.search.php'>Search Engine Extensions</a></dd> <dd><a href='/manual/en/refs.utilspec.server.php'>Server Specific Extensions</a></dd> <dd><a href='/manual/en/refs.basic.session.php'>Session Extensions</a></dd> <dd><a href='/manual/en/refs.basic.text.php'>Text Processing</a></dd> <dd><a href='/manual/en/refs.basic.vartype.php'>Variable and Type Related Extensions</a></dd> <dd><a href='/manual/en/refs.webservice.php'>Web Services</a></dd> <dd><a href='/manual/en/refs.utilspec.windows.php'>Windows Only Extensions</a></dd> <dd><a href='/manual/en/refs.xml.php'>XML Manipulation</a></dd> <dd><a href='/manual/en/refs.ui.php'>GUI Extensions</a></dd> </dl> <dl> <dt>Keyboard Shortcuts</dt><dt>?</dt> <dd>This help</dd> <dt>j</dt> <dd>Next menu item</dd> <dt>k</dt> <dd>Previous menu item</dd> <dt>g p</dt> <dd>Previous man page</dd> <dt>g n</dt> <dd>Next man page</dd> <dt>G</dt> <dd>Scroll to bottom</dd> <dt>g g</dt> <dd>Scroll to top</dd> <dt>g h</dt> <dd>Goto homepage</dd> <dt>g s</dt> <dd>Goto search<br>(current page)</dd> <dt>/</dt> <dd>Focus search box</dd> </dl></div></nav> <div id="goto"> <div class="search"> <div class="text"></div> <div class="results"><ul></ul></div> </div> </div> <div id="breadcrumbs" class="clearfix"> <div id="breadcrumbs-inner"> <div class="next"> <a href="function.sha1-file.php"> sha1_file &raquo; </a> </div> <div class="prev"> <a href="function.setlocale.php"> &laquo; setlocale </a> </div> <ul> <li><a href='index.php'>PHP-Handbuch</a></li> <li><a href='funcref.php'>Funktionsreferenz</a></li> <li><a href='refs.basic.text.php'>Textverarbeitung</a></li> <li><a href='book.strings.php'>Zeichenketten</a></li> <li><a href='ref.strings.php'>String-Funktionen</a></li> </ul> </div> </div> <div id="layout" class="clearfix"> <section id="layout-content"> <div class="page-tools"> <div class="change-language"> <form action="/manual/change.php" method="get" id="changelang" name="changelang"> <fieldset> <label for="changelang-langs">Change language:</label> <select onchange="document.changelang.submit()" name="page" id="changelang-langs"> <option value='en/function.sha1.php'>English</option> <option value='de/function.sha1.php' selected="selected">German</option> <option value='es/function.sha1.php'>Spanish</option> <option value='fr/function.sha1.php'>French</option> <option value='it/function.sha1.php'>Italian</option> <option value='ja/function.sha1.php'>Japanese</option> <option value='pt_BR/function.sha1.php'>Brazilian Portuguese</option> <option value='ru/function.sha1.php'>Russian</option> <option value='tr/function.sha1.php'>Turkish</option> <option value='uk/function.sha1.php'>Ukrainian</option> <option value='zh/function.sha1.php'>Chinese (Simplified)</option> <option value='help-translate.php'>Other</option> </select> </fieldset> </form> </div> </div><div id="function.sha1" class="refentry"> <div class="refnamediv"> <h1 class="refname">sha1</h1> <p class="verinfo">(PHP 4 &gt;= 4.3.0, PHP 5, PHP 7, PHP 8)</p><p class="refpurpose"><span class="refname">sha1</span> &mdash; <span class="dc-title">Berechnet den SHA1-Hash eines Strings</span></p> </div> <div id="function.sha1-refsynopsisdiv"> <div class="warning"><strong class="warning">Warnung</strong> <p class="para"> Es ist nicht empfohlen, diese Funktion zu verwenden um Passwörter zu hashen, da dieser Passwortalgorithmus relativ schnell ist. Die Seite <a href="faq.passwords.php#faq.passwords.fasthash" class="link">Password Hashing FAQ</a> enthält weitere Informationen und Best Practices zum Hashen von Passwörtern. </p> </div> </div> <div class="refsect1 description" id="refsect1-function.sha1-description"> <h3 class="title">Beschreibung</h3> <div class="methodsynopsis dc-description"> <span class="methodname"><strong>sha1</strong></span>(<span class="methodparam"><span class="type"><a href="language.types.string.php" class="type string">string</a></span> <code class="parameter">$string</code></span>, <span class="methodparam"><span class="type"><a href="language.types.boolean.php" class="type bool">bool</a></span> <code class="parameter">$binary</code><span class="initializer"> = <strong><code><a href="reserved.constants.php#constant.false">false</a></code></strong></span></span>): <span class="type"><a href="language.types.string.php" class="type string">string</a></span></div> <p class="simpara"> Berechnet den SHA1 Hash von <code class="parameter">string</code> unter Verwendung des <a href="https://datatracker.ietf.org/doc/html/rfc3174" class="link external">&raquo;&nbsp;US Secure Hash Algorithmus 1</a>. </p> </div> <div class="refsect1 parameters" id="refsect1-function.sha1-parameters"> <h3 class="title">Parameter-Liste</h3> <p class="para"> <dl> <dt><code class="parameter">string</code></dt> <dd> <p class="para"> Die Eingabezeichenkette. </p> </dd> <dt><code class="parameter">binary</code></dt> <dd> <p class="para"> Ist der optionale Parameter <code class="parameter">binary</code> <strong><code><a href="reserved.constants.php#constant.true">true</a></code></strong>, wird der SHA1-Extrakt im Raw-Binary-Format mit einer Länge von 20 Zeichen zurückgegeben. Ansonsten ist der Rückgabewert ein 40 Zeichen langer Hexadezimalwert. </p> </dd> </dl> </p> </div> <div class="refsect1 returnvalues" id="refsect1-function.sha1-returnvalues"> <h3 class="title">Rückgabewerte</h3> <p class="para"> Gibt den SHA1-Hash als Zeichenkette zurück. </p> </div> <div class="refsect1 examples" id="refsect1-function.sha1-examples"> <h3 class="title">Beispiele</h3> <p class="para"> <div class="example" id="example-4967"> <p><strong>Beispiel #1 Ein <span class="function"><strong>sha1()</strong></span>-Beispiel</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"><span style="color: #0000BB">&lt;?php<br />$str </span><span style="color: #007700">= </span><span style="color: #DD0000">'Apfel'</span><span style="color: #007700">;<br /><br />if (</span><span style="color: #0000BB">sha1</span><span style="color: #007700">(</span><span style="color: #0000BB">$str</span><span style="color: #007700">) === </span><span style="color: #DD0000">'df589122eac0f6a7bd8795436e692e3675cadc3b'</span><span style="color: #007700">) {<br /> echo </span><span style="color: #DD0000">"Hätten Sie gern einen grünen oder einen roten Apfel?"</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?&gt;</span></span></code></div> </div> </div> </p> </div> <div class="refsect1 seealso" id="refsect1-function.sha1-seealso"> <h3 class="title">Siehe auch</h3> <p class="para"> <ul class="simplelist"> <li><span class="function"><a href="function.hash.php" class="function" rel="rdfs-seeAlso">hash()</a> - Berechnet den Hash einer Nachricht</span></li> <li><span class="function"><a href="function.password-hash.php" class="function" rel="rdfs-seeAlso">password_hash()</a> - Erstellt einen Passwort-Hash</span></li> </ul> </p> </div> </div> <div class="contribute"> <h3 class="title">Found A Problem?</h3> <div> </div> <div class="edit-bug"> <a href="https://github.com/php/doc-base/blob/master/README.md" title="This will take you to our contribution guidelines on GitHub" target="_blank" rel="noopener noreferrer">Learn How To Improve This Page</a> • <a href="https://github.com/php/doc-de/blob/master/reference/strings/functions/sha1.xml">Submit a Pull Request</a> • <a href="https://github.com/php/doc-de/issues/new?body=From%20manual%20page:%20https:%2F%2Fphp.net%2Ffunction.sha1%0A%0A---">Report a Bug</a> </div> </div><section id="usernotes"> <div class="head"> <span class="action"><a href="/manual/add-note.php?sect=function.sha1&amp;repo=de&amp;redirect=https://www.php.net/manual/de/function.sha1.php">+<small>add a note</small></a></span> <h3 class="title">User Contributed Notes <span class="count">31 notes</span></h3> </div><div id="allnotes"> <div class="note" id="81388"> <div class="votes"> <div id="Vu81388"> <a href="/manual/vote-note.php?id=81388&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd81388"> <a href="/manual/vote-note.php?id=81388&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V81388" title="80% like this..."> 124 </div> </div> <a href="#81388" class="name"> <strong class="user"><em>nathan</em></strong></a><a class="genanchor" href="#81388"> &para;</a><div class="date" title="2008-02-25 08:11"><strong>16 years ago</strong></div> <div class="text" id="Hcom81388"> <div class="phpcode"><code><span class="html">The suggestion below to double-hash your password is not a good idea. You are much much better off adding a variable salt to passwords before hashing (such as the username or other field that is dissimilar for every account).<br /><br />Double hashing is *worse* security than a regular hash. What you're actually doing is taking some input $passwd, converting it to a string of exactly 32 characters containing only the characters [0-9][A-F], and then hashing *that*. You have just *greatly* increased the odds of a hash collision (ie. the odds that I can guess a phrase that will hash to the same value as your password).<br /><br />sha1(md5($pass)) makes even less sense, since you're feeding in 128-bits of information to generate a 256-bit hash, so 50% of the resulting data is redundant. You have not increased security at all.</span></code></div> </div> </div> <div class="note" id="54509"> <div class="votes"> <div id="Vu54509"> <a href="/manual/vote-note.php?id=54509&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd54509"> <a href="/manual/vote-note.php?id=54509&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V54509" title="65% like this..."> 7 </div> </div> <a href="#54509" class="name"> <strong class="user"><em>Helpful Harry</em></strong></a><a class="genanchor" href="#54509"> &para;</a><div class="date" title="2005-07-06 10:21"><strong>19 years ago</strong></div> <div class="text" id="Hcom54509"> <div class="phpcode"><code><span class="html">check out these randomized sha1 password storage functions, they output a string of 50 characters, the first 40 characters being a sha1 output based on the last 10 characters - those being a random seed<br /><br />to encode a password run pw_encode with the password, it'll return a different pseudo-random string every time - store this value.<br /><br />to check a password run pw_check with the password attempt and the stored value, it'll return true on a match and false otherwise<br /><br />these functions eliminate the pesky problem of dictionary matches being run on your password lists<br /><br /><span class="default">&lt;?php<br /><br /></span><span class="keyword">function </span><span class="default">pw_encode</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">)<br />{<br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">1</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt;= </span><span class="default">10</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">++)<br /> </span><span class="default">$seed </span><span class="keyword">.= </span><span class="default">substr</span><span class="keyword">(</span><span class="string">'0123456789abcdef'</span><span class="keyword">, </span><span class="default">rand</span><span class="keyword">(</span><span class="default">0</span><span class="keyword">,</span><span class="default">15</span><span class="keyword">), </span><span class="default">1</span><span class="keyword">);<br /> return </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$seed</span><span class="keyword">.</span><span class="default">$password</span><span class="keyword">.</span><span class="default">$seed</span><span class="keyword">).</span><span class="default">$seed</span><span class="keyword">;<br />}<br /><br />function </span><span class="default">pw_check</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">, </span><span class="default">$stored_value</span><span class="keyword">)<br />{<br /> if (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$stored_value</span><span class="keyword">) != </span><span class="default">50</span><span class="keyword">)<br /> return </span><span class="default">FALSE</span><span class="keyword">;<br /> </span><span class="default">$stored_seed </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$stored_value</span><span class="keyword">,</span><span class="default">40</span><span class="keyword">,</span><span class="default">10</span><span class="keyword">);<br /> if (</span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$stored_seed</span><span class="keyword">.</span><span class="default">$password</span><span class="keyword">.</span><span class="default">$stored_seed</span><span class="keyword">).</span><span class="default">$stored_seed </span><span class="keyword">== </span><span class="default">$stored_value</span><span class="keyword">)<br /> return </span><span class="default">TRUE</span><span class="keyword">;<br /> else<br /> return </span><span class="default">FALSE</span><span class="keyword">;<br />}<br /><br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="31479"> <div class="votes"> <div id="Vu31479"> <a href="/manual/vote-note.php?id=31479&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd31479"> <a href="/manual/vote-note.php?id=31479&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V31479" title="62% like this..."> 4 </div> </div> <a href="#31479" class="name"> <strong class="user"><em>bobm at hp dot com</em></strong></a><a class="genanchor" href="#31479"> &para;</a><div class="date" title="2003-04-23 09:12"><strong>21 years ago</strong></div> <div class="text" id="Hcom31479"> <div class="phpcode"><code><span class="html">To achieve raw binary format prior to PHP5, you can do this...<br /><br />$raw = pack("H*", sha1($str));<br /><br />Regards,<br /><br />Bob Mader</span></code></div> </div> </div> <div class="note" id="112844"> <div class="votes"> <div id="Vu112844"> <a href="/manual/vote-note.php?id=112844&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd112844"> <a href="/manual/vote-note.php?id=112844&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V112844" title="59% like this..."> 4 </div> </div> <a href="#112844" class="name"> <strong class="user"><em>marcin at marcinwolny dot net</em></strong></a><a class="genanchor" href="#112844"> &para;</a><div class="date" title="2013-07-29 03:32"><strong>11 years ago</strong></div> <div class="text" id="Hcom112844"> <div class="phpcode"><code><span class="html">Keep in mind that MD5 is less secure than SHA1.<br />Older CPUs can calculate MD5 over twice as fast as SHA1. GPUs in parallel calculations can handle MD5 over 3 times as fast as SHA1!<br /><br />Two Radeon 79xx-series GPUs can calculate a rainbow table for 6-character lowercase MD5 password in... roughly 6 seconds!<br /><br />Source: <a href="http://www.codinghorror.com/blog/2012/04/speed-hashing.html" rel="nofollow" target="_blank">http://www.codinghorror.com/blog/2012/04/speed-hashing.html</a></span></code></div> </div> </div> <div class="note" id="86239"> <div class="votes"> <div id="Vu86239"> <a href="/manual/vote-note.php?id=86239&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd86239"> <a href="/manual/vote-note.php?id=86239&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V86239" title="60% like this..."> 4 </div> </div> <a href="#86239" class="name"> <strong class="user"><em>Andre D</em></strong></a><a class="genanchor" href="#86239"> &para;</a><div class="date" title="2008-10-08 06:28"><strong>16 years ago</strong></div> <div class="text" id="Hcom86239"> <div class="phpcode"><code><span class="html">Here's a better version of the getDigestNotation() function I posted earlier. (The first version had a bug in the argument checking.)<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">function </span><span class="default">getDigestNotation</span><span class="keyword">(</span><span class="default">$rawDigest</span><span class="keyword">, </span><span class="default">$bitsPerCharacter</span><span class="keyword">, </span><span class="default">$chars </span><span class="keyword">= </span><span class="default">NULL</span><span class="keyword">)<br />{<br /> if (</span><span class="default">$chars </span><span class="keyword">=== </span><span class="default">NULL </span><span class="keyword">|| </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$chars</span><span class="keyword">) &lt; </span><span class="default">2</span><span class="keyword">) {<br /> </span><span class="default">$chars </span><span class="keyword">= </span><span class="string">'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-,'</span><span class="keyword">;<br /> }<br /><br /> if (</span><span class="default">$bitsPerCharacter </span><span class="keyword">&lt; </span><span class="default">1</span><span class="keyword">) {<br /> </span><span class="comment">// $bitsPerCharacter must be at least 1<br /> </span><span class="default">$bitsPerCharacter </span><span class="keyword">= </span><span class="default">1</span><span class="keyword">;<br /><br /> } elseif (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$chars</span><span class="keyword">) &lt; </span><span class="default">pow</span><span class="keyword">(</span><span class="default">2</span><span class="keyword">, </span><span class="default">$bitsPerCharacter</span><span class="keyword">)) {<br /> </span><span class="comment">// Character length of $chars is too small for $bitsPerCharacter<br /> // Set $bitsPerCharacter to greatest value allowed by length of $chars<br /> </span><span class="default">$bitsPerCharacter </span><span class="keyword">= </span><span class="default">1</span><span class="keyword">;<br /> </span><span class="default">$minCharLength </span><span class="keyword">= </span><span class="default">2</span><span class="keyword">;<br /><br /> while (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$chars</span><span class="keyword">) &gt;= (</span><span class="default">$minCharLength </span><span class="keyword">*= </span><span class="default">2</span><span class="keyword">)) {<br /> </span><span class="default">$bitsPerCharacter</span><span class="keyword">++;<br /> }<br /><br /> unset(</span><span class="default">$minCharLength</span><span class="keyword">);<br /> }<br /><br /> </span><span class="default">$bytes </span><span class="keyword">= </span><span class="default">unpack</span><span class="keyword">(</span><span class="string">'C*'</span><span class="keyword">, </span><span class="default">$rawDigest</span><span class="keyword">);<br /> </span><span class="default">$byteCount </span><span class="keyword">= </span><span class="default">count</span><span class="keyword">(</span><span class="default">$bytes</span><span class="keyword">);<br /><br /> </span><span class="default">$out </span><span class="keyword">= </span><span class="string">''</span><span class="keyword">;<br /> </span><span class="default">$byte </span><span class="keyword">= </span><span class="default">array_shift</span><span class="keyword">(</span><span class="default">$bytes</span><span class="keyword">);<br /> </span><span class="default">$bitsRead </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">;<br /><br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">$byteCount </span><span class="keyword">* </span><span class="default">8 </span><span class="keyword">/ </span><span class="default">$bitsPerCharacter</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">++) {<br /><br /> if (</span><span class="default">$bitsRead </span><span class="keyword">+ </span><span class="default">$bitsPerCharacter </span><span class="keyword">&gt; </span><span class="default">8</span><span class="keyword">) {<br /> </span><span class="comment">// Not enough bits remain in this byte for the current character<br /> // Get remaining bits and get next byte<br /> </span><span class="default">$oldBits </span><span class="keyword">= </span><span class="default">$byte </span><span class="keyword">- (</span><span class="default">$byte </span><span class="keyword">&gt;&gt; </span><span class="default">8 </span><span class="keyword">- </span><span class="default">$bitsRead </span><span class="keyword">&lt;&lt; </span><span class="default">8 </span><span class="keyword">- </span><span class="default">$bitsRead</span><span class="keyword">);<br /><br /> if (</span><span class="default">count</span><span class="keyword">(</span><span class="default">$bytes</span><span class="keyword">) == </span><span class="default">0</span><span class="keyword">) {<br /> </span><span class="comment">// Last bits; match final character and exit loop<br /> </span><span class="default">$out </span><span class="keyword">.= </span><span class="default">$chars</span><span class="keyword">[</span><span class="default">$oldBits</span><span class="keyword">];<br /> break;<br /> }<br /><br /> </span><span class="default">$oldBitCount </span><span class="keyword">= </span><span class="default">8 </span><span class="keyword">- </span><span class="default">$bitsRead</span><span class="keyword">;<br /> </span><span class="default">$byte </span><span class="keyword">= </span><span class="default">array_shift</span><span class="keyword">(</span><span class="default">$bytes</span><span class="keyword">);<br /> </span><span class="default">$bitsRead </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">;<br /><br /> } else {<br /> </span><span class="default">$oldBitCount </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">;<br /> }<br /><br /> </span><span class="comment">// Read only the needed bits from this byte<br /> </span><span class="default">$bits </span><span class="keyword">= </span><span class="default">$byte </span><span class="keyword">&gt;&gt; </span><span class="default">8 </span><span class="keyword">- (</span><span class="default">$bitsRead </span><span class="keyword">+ (</span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount</span><span class="keyword">));<br /> </span><span class="default">$bits </span><span class="keyword">= </span><span class="default">$bits </span><span class="keyword">- (</span><span class="default">$bits </span><span class="keyword">&gt;&gt; </span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount </span><span class="keyword">&lt;&lt; </span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount</span><span class="keyword">);<br /> </span><span class="default">$bitsRead </span><span class="keyword">+= </span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount</span><span class="keyword">;<br /><br /> if (</span><span class="default">$oldBitCount </span><span class="keyword">&gt; </span><span class="default">0</span><span class="keyword">) {<br /> </span><span class="comment">// Bits come from seperate bytes, add $oldBits to $bits<br /> </span><span class="default">$bits </span><span class="keyword">= (</span><span class="default">$oldBits </span><span class="keyword">&lt;&lt; </span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount</span><span class="keyword">) | </span><span class="default">$bits</span><span class="keyword">;<br /> }<br /><br /> </span><span class="default">$out </span><span class="keyword">.= </span><span class="default">$chars</span><span class="keyword">[</span><span class="default">$bits</span><span class="keyword">];<br /> }<br /><br /> return </span><span class="default">$out</span><span class="keyword">;<br />}<br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="71449"> <div class="votes"> <div id="Vu71449"> <a href="/manual/vote-note.php?id=71449&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd71449"> <a href="/manual/vote-note.php?id=71449&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V71449" title="60% like this..."> 2 </div> </div> <a href="#71449" class="name"> <strong class="user"><em>novum123 at ribbonbazaar dot com</em></strong></a><a class="genanchor" href="#71449"> &para;</a><div class="date" title="2006-11-29 08:54"><strong>18 years ago</strong></div> <div class="text" id="Hcom71449"> <div class="phpcode"><code><span class="html">So far as the dictionary attacks are concerned, I thought up the following function:<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">function </span><span class="default">twistSTR</span><span class="keyword">(</span><span class="default">$array</span><span class="keyword">){<br /> </span><span class="default">$twisted</span><span class="keyword">=</span><span class="string">""</span><span class="keyword">;<br /> </span><span class="default">$array_strlen</span><span class="keyword">=array();<br /><br /> foreach (</span><span class="default">$array </span><span class="keyword">as </span><span class="default">$element</span><span class="keyword">){<br /> </span><span class="default">$array_strlen</span><span class="keyword">[]=</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$element</span><span class="keyword">);<br /> }<br /><br /> for (</span><span class="default">$i</span><span class="keyword">=</span><span class="default">0</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">&lt;</span><span class="default">max</span><span class="keyword">(</span><span class="default">$array_strlen</span><span class="keyword">); </span><span class="default">$i</span><span class="keyword">++){<br /> foreach (</span><span class="default">$array </span><span class="keyword">as </span><span class="default">$element</span><span class="keyword">){<br /> if (</span><span class="default">$i</span><span class="keyword">&lt;</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$element</span><span class="keyword">)){<br /> </span><span class="default">$twisted</span><span class="keyword">=</span><span class="default">$twisted</span><span class="keyword">.</span><span class="default">$element</span><span class="keyword">{</span><span class="default">$i</span><span class="keyword">};<br /> }<br /> }<br /> }<br /><br /> return </span><span class="default">$twisted</span><span class="keyword">;<br />}<br /></span><span class="default">?&gt;<br /></span><br />The twistSTR function basically takes an array input of strings and alternates each character of each string among all the other strings. For example:<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">echo </span><span class="default">twistSTR</span><span class="keyword">(array(</span><span class="string">"this"</span><span class="keyword">,</span><span class="string">"and"</span><span class="keyword">,</span><span class="string">"that"</span><span class="keyword">));</span><span class="comment">//output: tathnhidast<br /></span><span class="default">?&gt;<br /></span><br />It can be applied in the following manner:<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">if (</span><span class="default">$un</span><span class="keyword">===</span><span class="default">$_POST</span><span class="keyword">[</span><span class="string">"username"</span><span class="keyword">] &amp;&amp; </span><span class="default">$pwd</span><span class="keyword">===</span><span class="default">sha1</span><span class="keyword">(</span><span class="default">twistSTR</span><span class="keyword">(array(</span><span class="default">$salt</span><span class="keyword">,</span><span class="default">$_POST</span><span class="keyword">[</span><span class="string">"password"</span><span class="keyword">])))){<br /></span><span class="default">?&gt;<br /></span><br />It's not amazingly difficult to reverse engineer the actual output, but then again, that's not the point. The point is that when a password is entered into one of those databases, they are going to enter for example "thisandthat", not "tathnhidast".</span></code></div> </div> </div> <div class="note" id="87692"> <div class="votes"> <div id="Vu87692"> <a href="/manual/vote-note.php?id=87692&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd87692"> <a href="/manual/vote-note.php?id=87692&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V87692" title="57% like this..."> 3 </div> </div> <a href="#87692" class="name"> <strong class="user"><em>ranko84 at gmail dot com</em></strong></a><a class="genanchor" href="#87692"> &para;</a><div class="date" title="2008-12-16 08:11"><strong>15 years ago</strong></div> <div class="text" id="Hcom87692"> <div class="phpcode"><code><span class="html">Small update..., well more like fix to the obscure function, replace<br /><span class="default">&lt;?php<br /></span><span class="keyword">if (</span><span class="default">$keepLength </span><span class="keyword">!= </span><span class="default">NULL</span><span class="keyword">)<br />{<br /> if (</span><span class="default">$hSLength </span><span class="keyword">!= </span><span class="default">0</span><span class="keyword">)<br /> {<br /> </span><span class="default">$hPassHash </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hPassHash</span><span class="keyword">, </span><span class="default">$hLPosition</span><span class="keyword">, -</span><span class="default">$hRPosition</span><span class="keyword">);<br /> }<br />}<br /></span><span class="default">?&gt;<br /></span><br />with<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">if (</span><span class="default">$keepLength </span><span class="keyword">!= </span><span class="default">NULL</span><span class="keyword">)<br />{<br /> if (</span><span class="default">$hSLength </span><span class="keyword">!= </span><span class="default">0</span><span class="keyword">)<br /> {<br /> if (</span><span class="default">$hRPosition </span><span class="keyword">== </span><span class="default">0</span><span class="keyword">)<br /> {<br /> </span><span class="default">$hPassHash </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hPassHash</span><span class="keyword">, </span><span class="default">$hLPosition</span><span class="keyword">);<br /> }<br /> else<br /> {<br /> </span><span class="default">$hPassHash </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hPassHash</span><span class="keyword">, </span><span class="default">$hLPosition</span><span class="keyword">, -</span><span class="default">$hRPosition</span><span class="keyword">);<br /> }<br /> }<br />}<br /></span><span class="default">?&gt;<br /></span><br />I've been getting few requests to explain how it's used so, this might be little long.<br /><br />Problems:<br />1. In most solutions with hash and salt, you were bound to have one extra row in your database that would state, preferably random, salt for that hashed data. If attacker would manage to get drop of your database he would get hashed data and salt that is used with plain data to make it obscure, and then cracking that hashed data would be same as if you didn't add any salt to it.<br />2. I stumbled upon some functions that would hash data, then input salt into random places in hash and store it in database, but they would still have to write down random parameter used to scramble salt so they could reuse it when validating data. Getting simple database drop wouldn't help much here, but if they would manage to get their hands on obscuring function too, they could easily see what is salt and what hash.<br /><br />Solutions:<br />1. Why use extra row to store salt when you can input it in hash. I'm not sure how attackers determine what type of hash are they facing, but I guess it has connection to hash length. In that case, why make attackers job easier and store in database data_hash+salt where they could assume just by it's length it has salt in there.<br />Reason behind $keepLength. If it's set to 1, strlen of hashed data plus salt would be equal to strlen of hashed data leading attacker to believe there is no salt.<br />If you leave $keepLength on NULL, strlen of final result would be strlen(used_hash_algorithm)+$hSLength.<br />$minhPass is there to reserve enough place for string that has to be hashed, so someone using this function wouldn't accidentally delete it by setting too high salt length ($hSLength), for example... if you set it 30000 it will keep working normal.<br /><br />2. If you think about it, constant, but variable value when making input would be same data that is being input.<br />In case we're trying to hash password, and have user A with password "notme", password strlen equals to 5, and if we use default parameters of the function, with $keepLength set to 1, process would be:<br />random salt, hash it, add first 5 characters of hashed_salt at beginning of plain password, add last 5 characters of hashed_salt at end of plain password, hash it. Replace first 5 characters of hashed_password with first 5 character of hashed_salt, do same with last 5 characters of hashed_password, return hashed_password.<br />In case that string is longer than 10 characters function would use simple mathematics to reduce it to numbers lower than 10, well... lower than number that is stated in $hSLength.<br />And good thing is that every time user enters correct password it has same length so it's not necessary to write it anywhere.<br /><br />So what is achieved in the end?<br />1. Attacker might not know that hash is salted, and you don't have that extra row in your database stating THIS IS SALT FOR THIS HASH.<br />2. If he does find out that it is, he wouldn't know what is hashed password and what is salt.<br />3. If he manages to get access to obscure function, only thing that might help him is value of $hSLength, where if $hSLength is set to 10 he would have to crack 10 variations of hashed string since he doesn't know how long password of user he's trying to crack is.<br />For example first variation would be hashed_password without last 10 characters, second variation would be hashed_password without first character and last 9 characters...<br />4. Even in case he has enough power to crack all 10 variations, resulting string that he might get doesn't necessarily has to be exactly long as password of original user in which case, attacker fails again.</span></code></div> </div> </div> <div class="note" id="39492"> <div class="votes"> <div id="Vu39492"> <a href="/manual/vote-note.php?id=39492&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd39492"> <a href="/manual/vote-note.php?id=39492&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V39492" title="58% like this..."> 2 </div> </div> <a href="#39492" class="name"> <strong class="user"><em>mark at dot BANSPAM dot pronexus dot nl</em></strong></a><a class="genanchor" href="#39492"> &para;</a><div class="date" title="2004-01-30 06:28"><strong>20 years ago</strong></div> <div class="text" id="Hcom39492"> <div class="phpcode"><code><span class="html">Looking for a simple function to implement HMAC-SHA1 but don't want to use the entire PEAR Message lib?<br /><br />//Calculate HMAC-SHA1 according to RFC2104<br />// <a href="http://www.ietf.org/rfc/rfc2104.txt" rel="nofollow" target="_blank">http://www.ietf.org/rfc/rfc2104.txt</a><br />function hmacsha1($key,$data) {<br /> $blocksize=64;<br /> $hashfunc='sha1';<br /> if (strlen($key)&gt;$blocksize)<br /> $key=pack('H*', $hashfunc($key));<br /> $key=str_pad($key,$blocksize,chr(0x00));<br /> $ipad=str_repeat(chr(0x36),$blocksize);<br /> $opad=str_repeat(chr(0x5c),$blocksize);<br /> $hmac = pack(<br /> 'H*',$hashfunc(<br /> ($key^$opad).pack(<br /> 'H*',$hashfunc(<br /> ($key^$ipad).$data<br /> )<br /> )<br /> )<br /> );<br /> return bin2hex($hmac);<br />}<br /><br />It is very useful for client-authentication. see also <a href="http://cookies.lcs.mit.edu/pubs/webauth:tr.pdf" rel="nofollow" target="_blank">http://cookies.lcs.mit.edu/pubs/webauth:tr.pdf</a><br />Optionally you can change $hashfunc to 'md5' to make this an HMAC-MD5 function ;-)<br />If you want raw or base64 output instead of hexadecimal, just change the last return line.<br /><br />Cheers,<br />Mark<br /><br />p.s. the "$hmac =" line used to be 1 line but I had to cut it up in order to fit it here ;)</span></code></div> </div> </div> <div class="note" id="56503"> <div class="votes"> <div id="Vu56503"> <a href="/manual/vote-note.php?id=56503&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd56503"> <a href="/manual/vote-note.php?id=56503&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V56503" title="57% like this..."> 2 </div> </div> <a href="#56503" class="name"> <strong class="user"><em>Dan</em></strong></a><a class="genanchor" href="#56503"> &para;</a><div class="date" title="2005-09-05 10:12"><strong>19 years ago</strong></div> <div class="text" id="Hcom56503"> <div class="phpcode"><code><span class="html">I've noticed websites are now starting to require passwords of a certain length that MUST contain at least 1 non-alphanumeric character. This in itself makes dictionary attacks kind of useless. My web site requires that as well. It uses md5, and appends a site code into the md5 as well. And the include file that contains that site key is outside the public folders. I sure hope I've done enough to keep the bad boys out.</span></code></div> </div> </div> <div class="note" id="70474"> <div class="votes"> <div id="Vu70474"> <a href="/manual/vote-note.php?id=70474&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd70474"> <a href="/manual/vote-note.php?id=70474&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V70474" title="55% like this..."> 4 </div> </div> <a href="#70474" class="name"> <strong class="user"><em>Gregory Boshoff</em></strong></a><a class="genanchor" href="#70474"> &para;</a><div class="date" title="2006-10-18 04:23"><strong>18 years ago</strong></div> <div class="text" id="Hcom70474"> <div class="phpcode"><code><span class="html">Note that the sha1 algorithm has been compromised and is no longer being used by government agencies.<br /><br />As of PHP 5.1.2 a new set of hashing functions are available.<br /><br /><a href="http://www.php.net/manual/en/function.hash.php" rel="nofollow" target="_blank">http://www.php.net/manual/en/function.hash.php</a><br /><br />The new function hash() supports a new range of hashing methods.<br /><br />echo hash('sha256', 'The quick brown fox jumped over the lazy dog.');<br /><br />It is recommended that developers start to future proof their applications by using the stronger sha-2, hashing methods such as sha256, sha384, sha512 or better.<br /><br />As of PHP 5.1.2 hash_algos() returns an array of system specific or registered hashing algorithms methods that are available to PHP.<br /><br />print_r(hash_algos());</span></code></div> </div> </div> <div class="note" id="94326"> <div class="votes"> <div id="Vu94326"> <a href="/manual/vote-note.php?id=94326&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd94326"> <a href="/manual/vote-note.php?id=94326&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V94326" title="52% like this..."> 1 </div> </div> <a href="#94326" class="name"> <strong class="user"><em>Anonymous</em></strong></a><a class="genanchor" href="#94326"> &para;</a><div class="date" title="2009-10-28 05:48"><strong>15 years ago</strong></div> <div class="text" id="Hcom94326"> <div class="phpcode"><code><span class="html">Another solution to the salted hash with salt included directly in the hash, while keeping the same length of the result. If you want to generate a hash, call the function without the second argument. If you want to check a password against a hash, use the hash as the second argument. In this case, the function returns the hash itself on success, or boolean false on failure. You can also specify a hash algorithm as the third argument (otherwise SHA-1 will be used).<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">function </span><span class="default">__hash</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">, </span><span class="default">$obscured </span><span class="keyword">= </span><span class="default">NULL</span><span class="keyword">, </span><span class="default">$algorithm </span><span class="keyword">= </span><span class="string">"sha1"</span><span class="keyword">)<br />{<br /> </span><span class="comment">// whether to use user specified algorithm<br /> </span><span class="default">$mode </span><span class="keyword">= </span><span class="default">in_array</span><span class="keyword">(</span><span class="default">$algorithm</span><span class="keyword">, </span><span class="default">hash_algos</span><span class="keyword">());<br /> </span><span class="comment">// generate random salt<br /> </span><span class="default">$salt </span><span class="keyword">= </span><span class="default">uniqid</span><span class="keyword">(</span><span class="default">mt_rand</span><span class="keyword">(), </span><span class="default">true</span><span class="keyword">);<br /> </span><span class="comment">// hash it<br /> </span><span class="default">$salt </span><span class="keyword">= </span><span class="default">$mode </span><span class="keyword">? </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$algorithm</span><span class="keyword">, </span><span class="default">$salt</span><span class="keyword">) : </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">);<br /> </span><span class="comment">// get the length<br /> </span><span class="default">$slen </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">);<br /> </span><span class="comment">// compute the actual length of salt we will use<br /> // 1/8 to 1/4 of the hash, with shorter passwords producing longer salts<br /> </span><span class="default">$slen </span><span class="keyword">= </span><span class="default">max</span><span class="keyword">(</span><span class="default">$slen </span><span class="keyword">&gt;&gt; </span><span class="default">3</span><span class="keyword">, (</span><span class="default">$slen </span><span class="keyword">&gt;&gt; </span><span class="default">2</span><span class="keyword">) - </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">));<br /> </span><span class="comment">// if we are checking password against a hash, harvest the actual salt from it, otherwise just cut the salt we already have to the proper size<br /> </span><span class="default">$salt </span><span class="keyword">= </span><span class="default">$obscured </span><span class="keyword">? </span><span class="default">__harvest</span><span class="keyword">(</span><span class="default">$obscured</span><span class="keyword">, </span><span class="default">$slen</span><span class="keyword">, </span><span class="default">$password</span><span class="keyword">) : </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">, </span><span class="default">0</span><span class="keyword">, </span><span class="default">$slen</span><span class="keyword">);<br /> </span><span class="comment">// hash the password - this is maybe unnecessary<br /> </span><span class="default">$hash </span><span class="keyword">= </span><span class="default">$mode </span><span class="keyword">? </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$algorithm</span><span class="keyword">, </span><span class="default">$password</span><span class="keyword">) : </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">);<br /> </span><span class="comment">// place the salt in it<br /> </span><span class="default">$hash </span><span class="keyword">= </span><span class="default">__scramble</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">, </span><span class="default">$salt</span><span class="keyword">, </span><span class="default">$password</span><span class="keyword">);<br /> </span><span class="comment">// and hash it again<br /> </span><span class="default">$hash </span><span class="keyword">= </span><span class="default">$mode </span><span class="keyword">? </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$algorithm</span><span class="keyword">, </span><span class="default">$hash</span><span class="keyword">) : </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">);<br /> </span><span class="comment">// cut the result so we can add salt and maintain the same length<br /> </span><span class="default">$hash </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">, </span><span class="default">$slen</span><span class="keyword">);<br /> </span><span class="comment">// ... do that<br /> </span><span class="default">$hash </span><span class="keyword">= </span><span class="default">__scramble</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">, </span><span class="default">$salt</span><span class="keyword">, </span><span class="default">$password</span><span class="keyword">);<br /> </span><span class="comment">// and return the result<br /> </span><span class="keyword">return </span><span class="default">$obscured </span><span class="keyword">&amp;&amp; </span><span class="default">$obscured </span><span class="keyword">!== </span><span class="default">$hash </span><span class="keyword">? </span><span class="default">false </span><span class="keyword">: </span><span class="default">$hash</span><span class="keyword">;<br />}<br /></span><span class="default">?&gt;<br /></span><br />It uses a random, variable length salt, depending on the length of the password. The functions __scramble() and __harvest() are used to place salt into the hash or pull it out respectively. You can write your own, and of course the strength of the result greatly depends on them. They can be relatively simple yet still quite secure:<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">function </span><span class="default">__scramble</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">, </span><span class="default">$salt</span><span class="keyword">, </span><span class="default">$password</span><span class="keyword">)<br />{<br /> return </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">, </span><span class="default">0</span><span class="keyword">, </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">)) . </span><span class="default">$salt </span><span class="keyword">. </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">, </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">));<br />}<br /><br />function </span><span class="default">__harvest</span><span class="keyword">(</span><span class="default">$obscured</span><span class="keyword">, </span><span class="default">$slen</span><span class="keyword">, </span><span class="default">$password</span><span class="keyword">)<br />{<br /> return </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$obscured</span><span class="keyword">, </span><span class="default">min</span><span class="keyword">(</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">), </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$obscured</span><span class="keyword">) - </span><span class="default">$slen</span><span class="keyword">), </span><span class="default">$slen</span><span class="keyword">);<br />}<br /></span><span class="default">?&gt;<br /></span><br />Or they can be ridiculously complicated (my favourite kind):<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">function </span><span class="default">__scramble</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">, </span><span class="default">$salt</span><span class="keyword">, </span><span class="default">$password</span><span class="keyword">)<br />{<br /> </span><span class="default">$k </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">); </span><span class="default">$j </span><span class="keyword">= </span><span class="default">$k </span><span class="keyword">= </span><span class="default">$k </span><span class="keyword">&gt; </span><span class="default">0 </span><span class="keyword">? </span><span class="default">$k </span><span class="keyword">: </span><span class="default">1</span><span class="keyword">; </span><span class="default">$p </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$index </span><span class="keyword">= array(); </span><span class="default">$out </span><span class="keyword">= </span><span class="string">""</span><span class="keyword">; </span><span class="default">$m </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">;<br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">); </span><span class="default">$i</span><span class="keyword">++)<br /> {<br /> </span><span class="default">$c </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">, </span><span class="default">$p</span><span class="keyword">, </span><span class="default">1</span><span class="keyword">);<br /> </span><span class="default">$j </span><span class="keyword">= </span><span class="default">pow</span><span class="keyword">(</span><span class="default">$j </span><span class="keyword">+ (</span><span class="default">$c </span><span class="keyword">!== </span><span class="default">false </span><span class="keyword">? </span><span class="default">ord</span><span class="keyword">(</span><span class="default">$c</span><span class="keyword">) : </span><span class="default">0</span><span class="keyword">), </span><span class="default">2</span><span class="keyword">) % (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">) + </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">));<br /> while (</span><span class="default">array_key_exists</span><span class="keyword">(</span><span class="default">$j</span><span class="keyword">, </span><span class="default">$index</span><span class="keyword">))<br /> </span><span class="default">$j </span><span class="keyword">= ++</span><span class="default">$j </span><span class="keyword">% (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">) + </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">));<br /> </span><span class="default">$index</span><span class="keyword">[</span><span class="default">$j</span><span class="keyword">] = </span><span class="default">$i</span><span class="keyword">;<br /> </span><span class="default">$p </span><span class="keyword">= ++</span><span class="default">$p </span><span class="keyword">% </span><span class="default">$k</span><span class="keyword">;<br /> }<br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$hash</span><span class="keyword">) + </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">); </span><span class="default">$i</span><span class="keyword">++)<br /> </span><span class="default">$out </span><span class="keyword">.= </span><span class="default">array_key_exists</span><span class="keyword">(</span><span class="default">$i</span><span class="keyword">, </span><span class="default">$index</span><span class="keyword">) ? </span><span class="default">$salt</span><span class="keyword">[</span><span class="default">$index</span><span class="keyword">[</span><span class="default">$i</span><span class="keyword">]] : </span><span class="default">$hash</span><span class="keyword">[</span><span class="default">$m</span><span class="keyword">++];<br /> return </span><span class="default">$out</span><span class="keyword">;<br />}<br /><br />function </span><span class="default">__harvest</span><span class="keyword">(</span><span class="default">$obscured</span><span class="keyword">, </span><span class="default">$slen</span><span class="keyword">, </span><span class="default">$password</span><span class="keyword">)<br />{<br /> </span><span class="default">$k </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">); </span><span class="default">$j </span><span class="keyword">= </span><span class="default">$k </span><span class="keyword">= </span><span class="default">$k </span><span class="keyword">&gt; </span><span class="default">0 </span><span class="keyword">? </span><span class="default">$k </span><span class="keyword">: </span><span class="default">1</span><span class="keyword">; </span><span class="default">$p </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$index </span><span class="keyword">= array(); </span><span class="default">$out </span><span class="keyword">= </span><span class="string">""</span><span class="keyword">;<br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">$slen</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">++)<br /> {<br /> </span><span class="default">$c </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">, </span><span class="default">$p</span><span class="keyword">, </span><span class="default">1</span><span class="keyword">);<br /> </span><span class="default">$j </span><span class="keyword">= </span><span class="default">pow</span><span class="keyword">(</span><span class="default">$j </span><span class="keyword">+ (</span><span class="default">$c </span><span class="keyword">!== </span><span class="default">false </span><span class="keyword">? </span><span class="default">ord</span><span class="keyword">(</span><span class="default">$c</span><span class="keyword">) : </span><span class="default">0</span><span class="keyword">), </span><span class="default">2</span><span class="keyword">) % </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$obscured</span><span class="keyword">);<br /> while (</span><span class="default">in_array</span><span class="keyword">(</span><span class="default">$j</span><span class="keyword">, </span><span class="default">$index</span><span class="keyword">))<br /> </span><span class="default">$j </span><span class="keyword">= ++</span><span class="default">$j </span><span class="keyword">% </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$obscured</span><span class="keyword">);<br /> </span><span class="default">$index</span><span class="keyword">[</span><span class="default">$i</span><span class="keyword">] = </span><span class="default">$j</span><span class="keyword">;<br /> </span><span class="default">$p </span><span class="keyword">= ++</span><span class="default">$p </span><span class="keyword">% </span><span class="default">$k</span><span class="keyword">;<br /> }<br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">$slen</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">++)<br /> </span><span class="default">$out </span><span class="keyword">.= </span><span class="default">$obscured</span><span class="keyword">[</span><span class="default">$index</span><span class="keyword">[</span><span class="default">$i</span><span class="keyword">]];<br /> return </span><span class="default">$out</span><span class="keyword">;<br />}<br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="47609"> <div class="votes"> <div id="Vu47609"> <a href="/manual/vote-note.php?id=47609&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd47609"> <a href="/manual/vote-note.php?id=47609&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V47609" title="53% like this..."> 1 </div> </div> <a href="#47609" class="name"> <strong class="user"><em>sinatosk at gmail dot com</em></strong></a><a class="genanchor" href="#47609"> &para;</a><div class="date" title="2004-11-22 12:43"><strong>20 years ago</strong></div> <div class="text" id="Hcom47609"> <div class="phpcode"><code><span class="html">Heres an SHA1 function that will work on it's own completely. This is for users who are using below PHP 4.3.0. it works same as PHP5 ( being able to return raw output ).<br /><br /><span class="default">&lt;?php<br /><br /></span><span class="comment">/*<br />** Date modified: 1st October 2004 20:09 GMT<br />*<br />** PHP implementation of the Secure Hash Algorithm ( SHA-1 )<br />*<br />** This code is available under the GNU Lesser General Public License:<br />** <a href="http://www.gnu.org/licenses/lgpl.txt" rel="nofollow" target="_blank">http://www.gnu.org/licenses/lgpl.txt</a><br />*<br />** Based on the PHP implementation by Marcus Campbell<br />** <a href="http://www.tecknik.net/sha-1/" rel="nofollow" target="_blank">http://www.tecknik.net/sha-1/</a><br />*<br />** This is a slightly modified version by me Jerome Clarke ( sinatosk@gmail.com )<br />** because I feel more comfortable with this<br />*/<br /><br /></span><span class="keyword">function </span><span class="default">sha1_str2blks_SHA1</span><span class="keyword">(</span><span class="default">$str</span><span class="keyword">)<br />{<br /> </span><span class="default">$strlen_str </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$str</span><span class="keyword">);<br /> <br /> </span><span class="default">$nblk </span><span class="keyword">= ((</span><span class="default">$strlen_str </span><span class="keyword">+ </span><span class="default">8</span><span class="keyword">) &gt;&gt; </span><span class="default">6</span><span class="keyword">) + </span><span class="default">1</span><span class="keyword">;<br /> <br /> for (</span><span class="default">$i</span><span class="keyword">=</span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">$nblk </span><span class="keyword">* </span><span class="default">16</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">++) </span><span class="default">$blks</span><span class="keyword">[</span><span class="default">$i</span><span class="keyword">] = </span><span class="default">0</span><span class="keyword">;<br /> <br /> for (</span><span class="default">$i</span><span class="keyword">=</span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">$strlen_str</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">++)<br /> {<br /> </span><span class="default">$blks</span><span class="keyword">[</span><span class="default">$i </span><span class="keyword">&gt;&gt; </span><span class="default">2</span><span class="keyword">] |= </span><span class="default">ord</span><span class="keyword">(</span><span class="default">substr</span><span class="keyword">(</span><span class="default">$str</span><span class="keyword">, </span><span class="default">$i</span><span class="keyword">, </span><span class="default">1</span><span class="keyword">)) &lt;&lt; (</span><span class="default">24 </span><span class="keyword">- (</span><span class="default">$i </span><span class="keyword">% </span><span class="default">4</span><span class="keyword">) * </span><span class="default">8</span><span class="keyword">);<br /> }<br /> <br /> </span><span class="default">$blks</span><span class="keyword">[</span><span class="default">$i </span><span class="keyword">&gt;&gt; </span><span class="default">2</span><span class="keyword">] |= </span><span class="default">0x80 </span><span class="keyword">&lt;&lt; (</span><span class="default">24 </span><span class="keyword">- (</span><span class="default">$i </span><span class="keyword">% </span><span class="default">4</span><span class="keyword">) * </span><span class="default">8</span><span class="keyword">);<br /> </span><span class="default">$blks</span><span class="keyword">[</span><span class="default">$nblk </span><span class="keyword">* </span><span class="default">16 </span><span class="keyword">- </span><span class="default">1</span><span class="keyword">] = </span><span class="default">$strlen_str </span><span class="keyword">* </span><span class="default">8</span><span class="keyword">;<br /> <br /> return </span><span class="default">$blks</span><span class="keyword">;<br />}<br /><br />function </span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">$x</span><span class="keyword">, </span><span class="default">$y</span><span class="keyword">)<br />{<br /> </span><span class="default">$lsw </span><span class="keyword">= (</span><span class="default">$x </span><span class="keyword">&amp; </span><span class="default">0xFFFF</span><span class="keyword">) + (</span><span class="default">$y </span><span class="keyword">&amp; </span><span class="default">0xFFFF</span><span class="keyword">);<br /> </span><span class="default">$msw </span><span class="keyword">= (</span><span class="default">$x </span><span class="keyword">&gt;&gt; </span><span class="default">16</span><span class="keyword">) + (</span><span class="default">$y </span><span class="keyword">&gt;&gt; </span><span class="default">16</span><span class="keyword">) + (</span><span class="default">$lsw </span><span class="keyword">&gt;&gt; </span><span class="default">16</span><span class="keyword">);<br /> <br /> return (</span><span class="default">$msw </span><span class="keyword">&lt;&lt; </span><span class="default">16</span><span class="keyword">) | (</span><span class="default">$lsw </span><span class="keyword">&amp; </span><span class="default">0xFFFF</span><span class="keyword">);<br />}<br /><br />function </span><span class="default">sha1_rol</span><span class="keyword">(</span><span class="default">$num</span><span class="keyword">, </span><span class="default">$cnt</span><span class="keyword">)<br />{<br /> return (</span><span class="default">$num </span><span class="keyword">&lt;&lt; </span><span class="default">$cnt</span><span class="keyword">) | </span><span class="default">sha1_zeroFill</span><span class="keyword">(</span><span class="default">$num</span><span class="keyword">, </span><span class="default">32 </span><span class="keyword">- </span><span class="default">$cnt</span><span class="keyword">); <br />}<br /><br />function </span><span class="default">sha1_zeroFill</span><span class="keyword">(</span><span class="default">$a</span><span class="keyword">, </span><span class="default">$b</span><span class="keyword">)<br />{<br /> </span><span class="default">$bin </span><span class="keyword">= </span><span class="default">decbin</span><span class="keyword">(</span><span class="default">$a</span><span class="keyword">);<br /> <br /> </span><span class="default">$strlen_bin </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$bin</span><span class="keyword">);<br /> <br /> </span><span class="default">$bin </span><span class="keyword">= </span><span class="default">$strlen_bin </span><span class="keyword">&lt; </span><span class="default">$b </span><span class="keyword">? </span><span class="default">0 </span><span class="keyword">: </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$bin</span><span class="keyword">, </span><span class="default">0</span><span class="keyword">, </span><span class="default">$strlen_bin </span><span class="keyword">- </span><span class="default">$b</span><span class="keyword">);<br /> <br /> for (</span><span class="default">$i</span><span class="keyword">=</span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">$b</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">++) </span><span class="default">$bin </span><span class="keyword">= </span><span class="string">'0'</span><span class="keyword">.</span><span class="default">$bin</span><span class="keyword">;<br /> <br /> return </span><span class="default">bindec</span><span class="keyword">(</span><span class="default">$bin</span><span class="keyword">);<br />}<br /><br />function </span><span class="default">sha1_ft</span><span class="keyword">(</span><span class="default">$t</span><span class="keyword">, </span><span class="default">$b</span><span class="keyword">, </span><span class="default">$c</span><span class="keyword">, </span><span class="default">$d</span><span class="keyword">)<br />{<br /> if (</span><span class="default">$t </span><span class="keyword">&lt; </span><span class="default">20</span><span class="keyword">) return (</span><span class="default">$b </span><span class="keyword">&amp; </span><span class="default">$c</span><span class="keyword">) | ((~</span><span class="default">$b</span><span class="keyword">) &amp; </span><span class="default">$d</span><span class="keyword">);<br /> if (</span><span class="default">$t </span><span class="keyword">&lt; </span><span class="default">40</span><span class="keyword">) return </span><span class="default">$b </span><span class="keyword">^ </span><span class="default">$c </span><span class="keyword">^ </span><span class="default">$d</span><span class="keyword">;<br /> if (</span><span class="default">$t </span><span class="keyword">&lt; </span><span class="default">60</span><span class="keyword">) return (</span><span class="default">$b </span><span class="keyword">&amp; </span><span class="default">$c</span><span class="keyword">) | (</span><span class="default">$b </span><span class="keyword">&amp; </span><span class="default">$d</span><span class="keyword">) | (</span><span class="default">$c </span><span class="keyword">&amp; </span><span class="default">$d</span><span class="keyword">);<br /> <br /> return </span><span class="default">$b </span><span class="keyword">^ </span><span class="default">$c </span><span class="keyword">^ </span><span class="default">$d</span><span class="keyword">;<br />}<br /><br />function </span><span class="default">sha1_kt</span><span class="keyword">(</span><span class="default">$t</span><span class="keyword">)<br />{<br /> if (</span><span class="default">$t </span><span class="keyword">&lt; </span><span class="default">20</span><span class="keyword">) return </span><span class="default">1518500249</span><span class="keyword">;<br /> if (</span><span class="default">$t </span><span class="keyword">&lt; </span><span class="default">40</span><span class="keyword">) return </span><span class="default">1859775393</span><span class="keyword">;<br /> if (</span><span class="default">$t </span><span class="keyword">&lt; </span><span class="default">60</span><span class="keyword">) return -</span><span class="default">1894007588</span><span class="keyword">;<br /> <br /> return -</span><span class="default">899497514</span><span class="keyword">;<br />}<br /><br />function </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$str</span><span class="keyword">, </span><span class="default">$raw_output</span><span class="keyword">=</span><span class="default">FALSE</span><span class="keyword">)<br />{<br /> if ( </span><span class="default">$raw_output </span><span class="keyword">=== </span><span class="default">TRUE </span><span class="keyword">) return </span><span class="default">pack</span><span class="keyword">(</span><span class="string">'H*'</span><span class="keyword">, </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$str</span><span class="keyword">, </span><span class="default">FALSE</span><span class="keyword">));<br /> <br /> </span><span class="default">$x </span><span class="keyword">= </span><span class="default">sha1_str2blks_SHA1</span><span class="keyword">(</span><span class="default">$str</span><span class="keyword">);<br /> </span><span class="default">$a </span><span class="keyword">= </span><span class="default">1732584193</span><span class="keyword">;<br /> </span><span class="default">$b </span><span class="keyword">= -</span><span class="default">271733879</span><span class="keyword">;<br /> </span><span class="default">$c </span><span class="keyword">= -</span><span class="default">1732584194</span><span class="keyword">;<br /> </span><span class="default">$d </span><span class="keyword">= </span><span class="default">271733878</span><span class="keyword">;<br /> </span><span class="default">$e </span><span class="keyword">= -</span><span class="default">1009589776</span><span class="keyword">;<br /> <br /> </span><span class="default">$x_count </span><span class="keyword">= </span><span class="default">count</span><span class="keyword">(</span><span class="default">$x</span><span class="keyword">);<br /> <br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">$x_count</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">+= </span><span class="default">16</span><span class="keyword">)<br /> {<br /> </span><span class="default">$olda </span><span class="keyword">= </span><span class="default">$a</span><span class="keyword">;<br /> </span><span class="default">$oldb </span><span class="keyword">= </span><span class="default">$b</span><span class="keyword">;<br /> </span><span class="default">$oldc </span><span class="keyword">= </span><span class="default">$c</span><span class="keyword">;<br /> </span><span class="default">$oldd </span><span class="keyword">= </span><span class="default">$d</span><span class="keyword">;<br /> </span><span class="default">$olde </span><span class="keyword">= </span><span class="default">$e</span><span class="keyword">;<br /> <br /> for (</span><span class="default">$j </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$j </span><span class="keyword">&lt; </span><span class="default">80</span><span class="keyword">; </span><span class="default">$j</span><span class="keyword">++)<br /> {<br /> </span><span class="default">$w</span><span class="keyword">[</span><span class="default">$j</span><span class="keyword">] = (</span><span class="default">$j </span><span class="keyword">&lt; </span><span class="default">16</span><span class="keyword">) ? </span><span class="default">$x</span><span class="keyword">[</span><span class="default">$i </span><span class="keyword">+ </span><span class="default">$j</span><span class="keyword">] : </span><span class="default">sha1_rol</span><span class="keyword">(</span><span class="default">$w</span><span class="keyword">[</span><span class="default">$j </span><span class="keyword">- </span><span class="default">3</span><span class="keyword">] ^ </span><span class="default">$w</span><span class="keyword">[</span><span class="default">$j </span><span class="keyword">- </span><span class="default">8</span><span class="keyword">] ^ </span><span class="default">$w</span><span class="keyword">[</span><span class="default">$j </span><span class="keyword">- </span><span class="default">14</span><span class="keyword">] ^ </span><span class="default">$w</span><span class="keyword">[</span><span class="default">$j </span><span class="keyword">- </span><span class="default">16</span><span class="keyword">], </span><span class="default">1</span><span class="keyword">);<br /> <br /> </span><span class="default">$t </span><span class="keyword">= </span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">sha1_rol</span><span class="keyword">(</span><span class="default">$a</span><span class="keyword">, </span><span class="default">5</span><span class="keyword">), </span><span class="default">sha1_ft</span><span class="keyword">(</span><span class="default">$j</span><span class="keyword">, </span><span class="default">$b</span><span class="keyword">, </span><span class="default">$c</span><span class="keyword">, </span><span class="default">$d</span><span class="keyword">)), </span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">$e</span><span class="keyword">, </span><span class="default">$w</span><span class="keyword">[</span><span class="default">$j</span><span class="keyword">]), </span><span class="default">sha1_kt</span><span class="keyword">(</span><span class="default">$j</span><span class="keyword">)));<br /> </span><span class="default">$e </span><span class="keyword">= </span><span class="default">$d</span><span class="keyword">;<br /> </span><span class="default">$d </span><span class="keyword">= </span><span class="default">$c</span><span class="keyword">;<br /> </span><span class="default">$c </span><span class="keyword">= </span><span class="default">sha1_rol</span><span class="keyword">(</span><span class="default">$b</span><span class="keyword">, </span><span class="default">30</span><span class="keyword">);<br /> </span><span class="default">$b </span><span class="keyword">= </span><span class="default">$a</span><span class="keyword">;<br /> </span><span class="default">$a </span><span class="keyword">= </span><span class="default">$t</span><span class="keyword">;<br /> }<br /> <br /> </span><span class="default">$a </span><span class="keyword">= </span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">$a</span><span class="keyword">, </span><span class="default">$olda</span><span class="keyword">);<br /> </span><span class="default">$b </span><span class="keyword">= </span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">$b</span><span class="keyword">, </span><span class="default">$oldb</span><span class="keyword">);<br /> </span><span class="default">$c </span><span class="keyword">= </span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">$c</span><span class="keyword">, </span><span class="default">$oldc</span><span class="keyword">);<br /> </span><span class="default">$d </span><span class="keyword">= </span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">$d</span><span class="keyword">, </span><span class="default">$oldd</span><span class="keyword">);<br /> </span><span class="default">$e </span><span class="keyword">= </span><span class="default">sha1_safe_add</span><span class="keyword">(</span><span class="default">$e</span><span class="keyword">, </span><span class="default">$olde</span><span class="keyword">);<br /> }<br /> <br /> return </span><span class="default">sprintf</span><span class="keyword">(</span><span class="string">'%08x%08x%08x%08x%08x'</span><span class="keyword">, </span><span class="default">$a</span><span class="keyword">, </span><span class="default">$b</span><span class="keyword">, </span><span class="default">$c</span><span class="keyword">, </span><span class="default">$d</span><span class="keyword">, </span><span class="default">$e</span><span class="keyword">);<br />}<br /><br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="47097"> <div class="votes"> <div id="Vu47097"> <a href="/manual/vote-note.php?id=47097&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd47097"> <a href="/manual/vote-note.php?id=47097&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V47097" title="53% like this..."> 1 </div> </div> <a href="#47097" class="name"> <strong class="user"><em>rsemirag at yahoo dot com</em></strong></a><a class="genanchor" href="#47097"> &para;</a><div class="date" title="2004-11-02 10:34"><strong>20 years ago</strong></div> <div class="text" id="Hcom47097"> <div class="phpcode"><code><span class="html">If you're struggling to generate an SHA encoded password for LDAP (PHP &lt; 5.0), what you end up needing is this:<br /><br />$userpassword = base64_encode(pack("H*", sha1($pass)));<br /><br />I found this in the OpenLDAP FAQ (many thanks to Google and Ace), though I'm using the iPlanet LDAP server.<br /><br />Ray Semiraglio</span></code></div> </div> </div> <div class="note" id="121919"> <div class="votes"> <div id="Vu121919"> <a href="/manual/vote-note.php?id=121919&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd121919"> <a href="/manual/vote-note.php?id=121919&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V121919" title="50% like this..."> 0 </div> </div> <a href="#121919" class="name"> <strong class="user"><em>hkmaly</em></strong></a><a class="genanchor" href="#121919"> &para;</a><div class="date" title="2017-11-27 10:16"><strong>7 years ago</strong></div> <div class="text" id="Hcom121919"> <div class="phpcode"><code><span class="html">Note: Before you get some idea like using sha1 with password as way to prevent others tampering with message, read pages "Length extension attack" and "Hash-based message authentication code" on wikipedia. In short, naive constructions can be dangerously insecure. Use hash_hmac if available or reimplement HMAC properly without shortcuts, like already shown in comment from mark at dot BANSPAM dot pronexus dot nl.</span></code></div> </div> </div> <div class="note" id="56941"> <div class="votes"> <div id="Vu56941"> <a href="/manual/vote-note.php?id=56941&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd56941"> <a href="/manual/vote-note.php?id=56941&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V56941" title="50% like this..."> 0 </div> </div> <a href="#56941" class="name"> <strong class="user"><em>php at REMOVEMEkennel17 dot co dot uk</em></strong></a><a class="genanchor" href="#56941"> &para;</a><div class="date" title="2005-09-19 06:52"><strong>19 years ago</strong></div> <div class="text" id="Hcom56941"> <div class="phpcode"><code><span class="html">It should be noted that sha1("") does not return an empty string. This means that if you are running a system that does not require users to have a password, the following code will not work as expected:<br /><br /><span class="default">&lt;?php <br /></span><span class="keyword">if (</span><span class="default">$StoredPassword </span><span class="keyword">== </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$NewPassword</span><span class="keyword">)) <br /> </span><span class="comment">// Password good<br /></span><span class="default">?&gt;</span> <br /><br />If $StoredPassword and $NewPassword are both blank, then the password should be treated as good, but because sha1("") != "" it will be treated as bad. To get the correct behaviour you need to use:<br /><br /><span class="default">&lt;?php <br /></span><span class="keyword">if ((</span><span class="default">$StoredPassword </span><span class="keyword">== </span><span class="string">"" </span><span class="keyword">&amp;&amp; </span><span class="default">$NewPassword </span><span class="keyword">== </span><span class="string">""</span><span class="keyword">) || (</span><span class="default">$StoredPassword </span><span class="keyword">== </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$NewPassword</span><span class="keyword">)))<br /> </span><span class="comment">// Password good<br /></span><span class="default">?&gt;</span> <br /><br />(Note: I use a custom IsBlank() function instead of comparison against the empty string, so NULL values are also matched.)<br /><br />For reference, here are a couple of special values put through sha1(). Note that sha1("") == sha1(NULL) == sha1(false), and also that sha1(0) != sha1(false)<br /><br />"" -&gt; da39a3ee5e6b4b0d3255bfef95601890afd80709<br />NULL -&gt; da39a3ee5e6b4b0d3255bfef95601890afd80709<br />0 -&gt; b6589fc6ab0dc82cf12099d1c2d40ab994e8410c<br />1 -&gt; 356a192b7913b04c54574d18c28d46e6395428ab<br />false -&gt; da39a3ee5e6b4b0d3255bfef95601890afd80709<br />true -&gt; 356a192b7913b04c54574d18c28d46e6395428ab</span></code></div> </div> </div> <div class="note" id="55435"> <div class="votes"> <div id="Vu55435"> <a href="/manual/vote-note.php?id=55435&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd55435"> <a href="/manual/vote-note.php?id=55435&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V55435" title="50% like this..."> 0 </div> </div> <a href="#55435" class="name"> <strong class="user"><em>WTM</em></strong></a><a class="genanchor" href="#55435"> &para;</a><div class="date" title="2005-08-03 07:30"><strong>19 years ago</strong></div> <div class="text" id="Hcom55435"> <div class="phpcode"><code><span class="html">Actually, the post by Helpful Harry won't improve your security except for the most simple break in attempts. Since the random seed is attached to the end of the password hash, if you steal the hashed password, you steal the seed.<br /><br />That means you can write a simple php program to call the pw_check function Harry included from a loop, feeding it dictionary words or random characters.<br /><br />Of course, if you modified the program to use the seed in a more complicated way, "they" would have to know the new function's operation. But then again, if someone can steal your password database, they can probably steal your website code (or guess it).</span></code></div> </div> </div> <div class="note" id="103024"> <div class="votes"> <div id="Vu103024"> <a href="/manual/vote-note.php?id=103024&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd103024"> <a href="/manual/vote-note.php?id=103024&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V103024" title="46% like this..."> -1 </div> </div> <a href="#103024" class="name"> <strong class="user"><em>mgcummings at yahoo dot com</em></strong></a><a class="genanchor" href="#103024"> &para;</a><div class="date" title="2011-03-21 12:46"><strong>13 years ago</strong></div> <div class="text" id="Hcom103024"> <div class="phpcode"><code><span class="html">Thought I might save someone else some time trying to figure out how to generate a hash like MySQL5 PASSWORD() makes using just PHP.<br /><br />$hash = '*' . sha1(sha1($pass), TRUE));</span></code></div> </div> </div> <div class="note" id="66239"> <div class="votes"> <div id="Vu66239"> <a href="/manual/vote-note.php?id=66239&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd66239"> <a href="/manual/vote-note.php?id=66239&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V66239" title="47% like this..."> -1 </div> </div> <a href="#66239" class="name"> <strong class="user"><em>erling dot westenvik at gmail dot com</em></strong></a><a class="genanchor" href="#66239"> &para;</a><div class="date" title="2006-05-17 06:15"><strong>18 years ago</strong></div> <div class="text" id="Hcom66239"> <div class="phpcode"><code><span class="html">Regarding php at REMOVEMEkennel17 dot co dot uk's note below:<br /><br />The phrase: "To get the correct behaviour", would perhaps be better off if it read: "To get the wanted (but not recommended) behaviour".<br /><br />Always honor the expected data types for functions: sha1 expects a string as input, and returns a string on exit. NULL, TRUE and FALSE are not string data types. The string "" is a string as good as "any". By following the "logic" that sha1("") should return "", then what should sha1("a") return? "b"? "c"?<br /><br />An authentication system that allows for blank passwords is not really an authentication system in the first place. What you are describing is merely a way to tell the application that you want to see data in some specific context, like sorted by user name, etc. Create other tools for this purpose and leave the authentication system to deal with what it is supposed to do: Granting users access to restricted data and blocking other users from seeing the same data.<br /><br />Don't store passwords in clear text, but salt and encrypt them. That way it makes perfect sense having <span class="default">&lt;?php $sStoredPwd </span><span class="keyword">=== </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$sStoredSalt </span><span class="keyword">. </span><span class="default">$_POST</span><span class="keyword">[</span><span class="string">"sTypedPwd"</span><span class="keyword">]); </span><span class="default">?&gt;</span>, even with a blank "password". No other person than the user itself, not even the programmer, should know the password or be able to guess it. If the user forgets the password, a new one must be generated.<br /><br />Regards,<br />Erling</span></code></div> </div> </div> <div class="note" id="86172"> <div class="votes"> <div id="Vu86172"> <a href="/manual/vote-note.php?id=86172&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd86172"> <a href="/manual/vote-note.php?id=86172&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V86172" title="45% like this..."> -1 </div> </div> <a href="#86172" class="name"> <strong class="user"><em>Andr D</em></strong></a><a class="genanchor" href="#86172"> &para;</a><div class="date" title="2008-10-06 12:01"><strong>16 years ago</strong></div> <div class="text" id="Hcom86172"> <div class="phpcode"><code><span class="html">Sometimes you want the digest in both readable notation (such as hexadecimal) and raw binary. At other times you want the digest in a notation other than hexadecimal.<br /><br />The following getDigestNotation() function takes a binary string and returns it in base 2, 4, 8, 16, 32, or 64 notation. It works with sha1(), md5(), hash(), or anything else that can output a raw binary string.<br /><br />It works similar to the session.hash_bits_per_character php.ini configuration option.<br /><br />You can specify which characters to use for each position, or use the default, which matches session.hash_bits_per_character (0-9, a-z, A-Z, "-", ","). The practical range of bits to use per character ($bitsPerCharacter) is 1 to 6; you may use more, but you will have to provide your own base character string ($chars) that is at least pow(2, $bitsPerCharacter) characters long. So even with 7 bits per character you need to specify a value for $chars that is 128 characters long, which exceeds the number of printable ASCII characters.<br /><br />The output's radix relates to the value of $bitsPerCharacter as follows:<br />1: base-2 (binary)<br />2: base-4<br />3: base-8 (octal)<br />4: base-16 (hexadecimal)<br />5: base-32<br />6: base-64<br /><br /><span class="default">&lt;?php<br />$raw </span><span class="keyword">= </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">uniqid</span><span class="keyword">(</span><span class="default">mt_rand</span><span class="keyword">(), </span><span class="default">TRUE</span><span class="keyword">), </span><span class="default">TRUE</span><span class="keyword">);<br /><br />echo </span><span class="default">getDigestNotation</span><span class="keyword">(</span><span class="default">$raw</span><span class="keyword">, </span><span class="default">6</span><span class="keyword">);<br /><br />function </span><span class="default">getDigestNotation</span><span class="keyword">(</span><span class="default">$rawDigest</span><span class="keyword">, </span><span class="default">$bitsPerCharacter</span><span class="keyword">, </span><span class="default">$chars </span><span class="keyword">= </span><span class="default">NULL</span><span class="keyword">)<br />{<br /> if (</span><span class="default">$chars </span><span class="keyword">=== </span><span class="default">NULL </span><span class="keyword">|| </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$chars</span><span class="keyword">) &lt; </span><span class="default">2</span><span class="keyword">) {<br /> </span><span class="default">$chars </span><span class="string">'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-,'</span><span class="keyword">;<br /> }<br /><br /> if (</span><span class="default">$bitsPerCharacter </span><span class="keyword">&lt; </span><span class="default">1</span><span class="keyword">) {<br /> </span><span class="comment">// $bitsPerCharacter must be at least 1<br /> </span><span class="default">$bitsPerCharacter </span><span class="keyword">= </span><span class="default">1</span><span class="keyword">;<br /><br /> } elseif (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$chars</span><span class="keyword">) &lt; </span><span class="default">pow</span><span class="keyword">(</span><span class="default">2</span><span class="keyword">, </span><span class="default">$bitsPerCharacter</span><span class="keyword">)) {<br /> </span><span class="comment">// Character length of $chars is too small for $bitsPerCharacter<br /> // Set $bitsPerCharacter to greatest value allowed by length of $chars<br /> </span><span class="default">$bitsPerCharacter </span><span class="keyword">= </span><span class="default">1</span><span class="keyword">;<br /><br /> do {<br /> </span><span class="default">$bitsPerCharacter</span><span class="keyword">++;<br /> } while (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$chars</span><span class="keyword">) &gt; </span><span class="default">pow</span><span class="keyword">(</span><span class="default">2</span><span class="keyword">, </span><span class="default">$bitsPerCharacter</span><span class="keyword">));<br /> }<br /><br /> </span><span class="default">$bytes </span><span class="keyword">= </span><span class="default">unpack</span><span class="keyword">(</span><span class="string">'C*'</span><span class="keyword">, </span><span class="default">$rawDigest</span><span class="keyword">);<br /> </span><span class="default">$byteCount </span><span class="keyword">= </span><span class="default">count</span><span class="keyword">(</span><span class="default">$bytes</span><span class="keyword">);<br /><br /> </span><span class="default">$out </span><span class="keyword">= </span><span class="string">''</span><span class="keyword">;<br /> </span><span class="default">$byte </span><span class="keyword">= </span><span class="default">array_shift</span><span class="keyword">(</span><span class="default">$bytes</span><span class="keyword">);<br /> </span><span class="default">$bitsRead </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">;<br /><br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt; </span><span class="default">$byteCount </span><span class="keyword">* </span><span class="default">8 </span><span class="keyword">/ </span><span class="default">$bitsPerCharacter</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">++) {<br /><br /> if (</span><span class="default">$bitsRead </span><span class="keyword">+ </span><span class="default">$bitsPerCharacter </span><span class="keyword">&gt; </span><span class="default">8</span><span class="keyword">) {<br /> </span><span class="comment">// Not enough bits remain in this byte for the current character<br /> // Get remaining bits and get next byte<br /> </span><span class="default">$oldBits </span><span class="keyword">= </span><span class="default">$byte </span><span class="keyword">- (</span><span class="default">$byte </span><span class="keyword">&gt;&gt; </span><span class="default">8 </span><span class="keyword">- </span><span class="default">$bitsRead </span><span class="keyword">&lt;&lt; </span><span class="default">8 </span><span class="keyword">- </span><span class="default">$bitsRead</span><span class="keyword">);<br /><br /> if (</span><span class="default">count</span><span class="keyword">(</span><span class="default">$bytes</span><span class="keyword">) == </span><span class="default">0</span><span class="keyword">) {<br /> </span><span class="comment">// Last bits; match final character and exit loop<br /> </span><span class="default">$out </span><span class="keyword">.= </span><span class="default">$chars</span><span class="keyword">[</span><span class="default">$oldBits</span><span class="keyword">];<br /> break;<br /> }<br /><br /> </span><span class="default">$oldBitCount </span><span class="keyword">= </span><span class="default">8 </span><span class="keyword">- </span><span class="default">$bitsRead</span><span class="keyword">;<br /> </span><span class="default">$byte </span><span class="keyword">= </span><span class="default">array_shift</span><span class="keyword">(</span><span class="default">$bytes</span><span class="keyword">);<br /> </span><span class="default">$bitsRead </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">;<br /><br /> } else {<br /> </span><span class="default">$oldBitCount </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">;<br /> }<br /><br /> </span><span class="comment">// Read only the needed bits from this byte<br /> </span><span class="default">$bits </span><span class="keyword">= </span><span class="default">$byte </span><span class="keyword">&gt;&gt; </span><span class="default">8 </span><span class="keyword">- (</span><span class="default">$bitsRead </span><span class="keyword">+ (</span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount</span><span class="keyword">));<br /> </span><span class="default">$bits </span><span class="keyword">= </span><span class="default">$bits </span><span class="keyword">- (</span><span class="default">$bits </span><span class="keyword">&gt;&gt; </span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount </span><span class="keyword">&lt;&lt; </span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount</span><span class="keyword">);<br /> </span><span class="default">$bitsRead </span><span class="keyword">+= </span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount</span><span class="keyword">;<br /><br /> if (</span><span class="default">$oldBitCount </span><span class="keyword">&gt; </span><span class="default">0</span><span class="keyword">) {<br /> </span><span class="comment">// Bits come from seperate bytes, add $oldBits to $bits<br /> </span><span class="default">$bits </span><span class="keyword">= (</span><span class="default">$oldBits </span><span class="keyword">&lt;&lt; </span><span class="default">$bitsPerCharacter </span><span class="keyword">- </span><span class="default">$oldBitCount</span><span class="keyword">) | </span><span class="default">$bits</span><span class="keyword">;<br /> }<br /><br /> </span><span class="default">$out </span><span class="keyword">.= </span><span class="default">$chars</span><span class="keyword">[</span><span class="default">$bits</span><span class="keyword">];<br /> }<br /><br /> return </span><span class="default">$out</span><span class="keyword">;<br />}<br /></span><span class="default">?&gt;<br /></span><br />Lastly, depending on the digest length, there may be fewer bits remaining for the last character than $bitsPerCharacter, so the last character will be smaller. The same thing happens with PHP's session ID generator, when 5 or 6 is used for session.hash_bits_per_character.</span></code></div> </div> </div> <div class="note" id="83079"> <div class="votes"> <div id="Vu83079"> <a href="/manual/vote-note.php?id=83079&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd83079"> <a href="/manual/vote-note.php?id=83079&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V83079" title="45% like this..."> -1 </div> </div> <a href="#83079" class="name"> <strong class="user"><em>ranko84 at gmail dot com</em></strong></a><a class="genanchor" href="#83079"> &para;</a><div class="date" title="2008-05-08 07:12"><strong>16 years ago</strong></div> <div class="text" id="Hcom83079"> <div class="phpcode"><code><span class="html">Thanks for the feedback. This should do the trick, I hope.<br />I think that I haven't understood this sentence completely "In this case you will need the salt to reside in the database along with the username and password." As in, were you refering to previous method, this method or this function.<br />Salt already resides in database along with username, password, or any string you decide to hash. This function just scrambles it depending on length of string (password) user enters so that attacker has trouble finding out what is salt and what is hash, if attacker even suspects that there is salt (reasons behind $keepLength, or defining $hSLength where you could set it to 24 leading attacker to believe he's facing sha256, not sha1).<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">function </span><span class="default">obscure </span><span class="keyword">(</span><span class="default">$hString</span><span class="keyword">, </span><span class="default">$hDecode </span><span class="keyword">= </span><span class="default">NULL</span><span class="keyword">, </span><span class="default">$hSLength </span><span class="keyword">= </span><span class="default">10</span><span class="keyword">, </span><span class="default">$keepLength </span><span class="keyword">= </span><span class="default">NULL</span><span class="keyword">, </span><span class="default">$minhPass </span><span class="keyword">= </span><span class="default">10</span><span class="keyword">, </span><span class="default">$hMethod </span><span class="keyword">= </span><span class="default">sha1</span><span class="keyword">)<br />{<br /> if (</span><span class="default">$hDecode </span><span class="keyword">== </span><span class="default">NULL</span><span class="keyword">)<br /> {<br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">&lt;</span><span class="default">16</span><span class="keyword">; </span><span class="default">$i</span><span class="keyword">++)<br /> {<br /> <br /> </span><span class="default">$hSalt </span><span class="keyword">= </span><span class="default">rand</span><span class="keyword">(</span><span class="default">33</span><span class="keyword">, </span><span class="default">255</span><span class="keyword">);<br /> </span><span class="default">$hRandomSalt </span><span class="keyword">.= </span><span class="default">chr</span><span class="keyword">(</span><span class="default">$hSalt</span><span class="keyword">);<br /> }<br /> </span><span class="default">$hRandomSalt </span><span class="keyword">= </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$hMethod</span><span class="keyword">, </span><span class="default">$hRandomSalt</span><span class="keyword">);<br /> }<br /> else<br /> {<br /> </span><span class="default">$hRandomSalt </span><span class="keyword">= </span><span class="default">$hDecode</span><span class="keyword">;<br /> }<br /><br /> if (</span><span class="default">$keepLength </span><span class="keyword">!= </span><span class="default">NULL</span><span class="keyword">)<br /> {<br /> <br /> if (</span><span class="default">$hSLength </span><span class="keyword">&gt; (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$hRandomSalt</span><span class="keyword">) - </span><span class="default">$minhPass</span><span class="keyword">))<br /> {<br /> </span><span class="default">$hSLength </span><span class="keyword">= (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$hRandomSalt</span><span class="keyword">) - </span><span class="default">$minhPass</span><span class="keyword">);<br /> }<br /> }<br /> else if (</span><span class="default">$hSLength </span><span class="keyword">&lt; </span><span class="default">0</span><span class="keyword">)<br /> {<br /> </span><span class="default">$hSLength </span><span class="keyword">= </span><span class="default">0</span><span class="keyword">;<br /> }<br /><br /> </span><span class="default">$hLPosition </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$hString</span><span class="keyword">);<br /><br /> while (</span><span class="default">$hLPosition </span><span class="keyword">&gt; </span><span class="default">$hSLength</span><span class="keyword">)<br /> {<br /> </span><span class="default">$hNumber </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hLPosition</span><span class="keyword">, -</span><span class="default">1</span><span class="keyword">);<br /> <br /> </span><span class="default">$hLPosition </span><span class="keyword">= </span><span class="default">$hLPosition </span><span class="keyword">* (</span><span class="default">$hNumber</span><span class="keyword">/</span><span class="default">10</span><span class="keyword">);<br /> }<br /><br /> </span><span class="default">$hLPosition </span><span class="keyword">= (integer)</span><span class="default">$hLPosition</span><span class="keyword">;<br /> </span><span class="default">$hRPosition </span><span class="keyword">= </span><span class="default">$hSLength </span><span class="keyword">- </span><span class="default">$hLPosition</span><span class="keyword">;<br /><br /> </span><span class="default">$hFSalt </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hRandomSalt</span><span class="keyword">, </span><span class="default">0</span><span class="keyword">, </span><span class="default">$hLPosition</span><span class="keyword">);<br /> </span><span class="default">$hLSalt </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hRandomSalt</span><span class="keyword">, -</span><span class="default">$hRPosition</span><span class="keyword">, </span><span class="default">$hRPosition</span><span class="keyword">);<br /><br /> </span><span class="default">$hPassHash </span><span class="keyword">= </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$hMethod</span><span class="keyword">, (</span><span class="default">$hLSalt </span><span class="keyword">. </span><span class="default">$hString </span><span class="keyword">. </span><span class="default">$hFSalt</span><span class="keyword">));<br /><br /> if (</span><span class="default">$keepLength </span><span class="keyword">!= </span><span class="default">NULL</span><span class="keyword">)<br /> {<br /> if (</span><span class="default">$hSLength </span><span class="keyword">!= </span><span class="default">0</span><span class="keyword">)<br /> {<br /> </span><span class="default">$hPassHash </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$hPassHash</span><span class="keyword">, </span><span class="default">$hLPosition</span><span class="keyword">, -</span><span class="default">$hRPosition</span><span class="keyword">);<br /> }<br /> }<br /><br /> return </span><span class="default">$hFSalt </span><span class="keyword">. </span><span class="default">$hPassHash </span><span class="keyword">. </span><span class="default">$hLSalt</span><span class="keyword">;<br />}<br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="101087"> <div class="votes"> <div id="Vu101087"> <a href="/manual/vote-note.php?id=101087&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd101087"> <a href="/manual/vote-note.php?id=101087&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V101087" title="44% like this..."> -1 </div> </div> <a href="#101087" class="name"> <strong class="user"><em>rich dot sage at gmail dot com</em></strong></a><a class="genanchor" href="#101087"> &para;</a><div class="date" title="2010-11-25 12:59"><strong>14 years ago</strong></div> <div class="text" id="Hcom101087"> <div class="phpcode"><code><span class="html">If you're using Dovecot for mail retrieval and you want to generate SHA1 passwords yourself, you'll need to set the raw_output value to true, then base64_encode the output:<br /><br /><span class="default">&lt;?php<br /></span><span class="keyword">function </span><span class="default">makeDovecotPassword</span><span class="keyword">(</span><span class="default">$input</span><span class="keyword">)<br />{<br /> return </span><span class="string">'{SHA}' </span><span class="keyword">. </span><span class="default">base64_encode</span><span class="keyword">(</span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$input</span><span class="keyword">, </span><span class="default">true</span><span class="keyword">));<br />}<br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="109602"> <div class="votes"> <div id="Vu109602"> <a href="/manual/vote-note.php?id=109602&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd109602"> <a href="/manual/vote-note.php?id=109602&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V109602" title="44% like this..."> -4 </div> </div> <a href="#109602" class="name"> <strong class="user"><em>php at wbhostmax dot de</em></strong></a><a class="genanchor" href="#109602"> &para;</a><div class="date" title="2012-08-01 10:57"><strong>12 years ago</strong></div> <div class="text" id="Hcom109602"> <div class="phpcode"><code><span class="html"><span class="default">&lt;?php<br /></span><span class="keyword">function </span><span class="default">DoubleSaltedHash</span><span class="keyword">(</span><span class="default">$pw</span><span class="keyword">, </span><span class="default">$salt</span><span class="keyword">) {<br /> return </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">.</span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">.</span><span class="default">sha1</span><span class="keyword">(</span><span class="default">$pw</span><span class="keyword">)));<br />}<br /><br />function </span><span class="default">generate_salt</span><span class="keyword">() {<br /> </span><span class="default">$dummy </span><span class="keyword">= </span><span class="default">array_merge</span><span class="keyword">(</span><span class="default">range</span><span class="keyword">(</span><span class="string">'0'</span><span class="keyword">, </span><span class="string">'9'</span><span class="keyword">));<br /> </span><span class="default">mt_srand</span><span class="keyword">((double)</span><span class="default">microtime</span><span class="keyword">()*</span><span class="default">1000000</span><span class="keyword">);<br /> for (</span><span class="default">$i </span><span class="keyword">= </span><span class="default">1</span><span class="keyword">; </span><span class="default">$i </span><span class="keyword">&lt;= (</span><span class="default">count</span><span class="keyword">(</span><span class="default">$dummy</span><span class="keyword">)*</span><span class="default">2</span><span class="keyword">); </span><span class="default">$i</span><span class="keyword">++)<br /> {<br /> </span><span class="default">$swap </span><span class="keyword">= </span><span class="default">mt_rand</span><span class="keyword">(</span><span class="default">0</span><span class="keyword">,</span><span class="default">count</span><span class="keyword">(</span><span class="default">$dummy</span><span class="keyword">)-</span><span class="default">1</span><span class="keyword">);<br /> </span><span class="default">$tmp </span><span class="keyword">= </span><span class="default">$dummy</span><span class="keyword">[</span><span class="default">$swap</span><span class="keyword">];<br /> </span><span class="default">$dummy</span><span class="keyword">[</span><span class="default">$swap</span><span class="keyword">] = </span><span class="default">$dummy</span><span class="keyword">[</span><span class="default">0</span><span class="keyword">];<br /> </span><span class="default">$dummy</span><span class="keyword">[</span><span class="default">0</span><span class="keyword">] = </span><span class="default">$tmp</span><span class="keyword">;<br /> }<br /> return </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">substr</span><span class="keyword">(</span><span class="default">implode</span><span class="keyword">(</span><span class="string">''</span><span class="keyword">,</span><span class="default">$dummy</span><span class="keyword">),</span><span class="default">0</span><span class="keyword">,</span><span class="default">9</span><span class="keyword">));<br />}<br /></span><span class="default">$pw</span><span class="keyword">=</span><span class="string">"geheim"<br /></span><span class="default">$salt</span><span class="keyword">=</span><span class="default">generate_salt</span><span class="keyword">();<br />echo </span><span class="string">"hash:"</span><span class="keyword">.</span><span class="default">DoubleSaltedHash</span><span class="keyword">(</span><span class="default">$pw</span><span class="keyword">, </span><span class="default">$salt</span><span class="keyword">);<br /><br /></span><span class="default">?&gt;<br /></span><br />this is my way to crypt passwords</span></code></div> </div> </div> <div class="note" id="37442"> <div class="votes"> <div id="Vu37442"> <a href="/manual/vote-note.php?id=37442&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd37442"> <a href="/manual/vote-note.php?id=37442&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V37442" title="44% like this..."> -1 </div> </div> <a href="#37442" class="name"> <strong class="user"><em>labarks</em></strong></a><a class="genanchor" href="#37442"> &para;</a><div class="date" title="2003-11-15 03:06"><strong>21 years ago</strong></div> <div class="text" id="Hcom37442"> <div class="phpcode"><code><span class="html">Append this to the your sha1lib file to make it more portable. If your version of php does support sha1() then it will try to use Mhash or else it will use the sha1lib. Use $sha1 if you want to display which is being used.<br /><br />if ( function_exists('sha1') )<br /> $sha1 = "sha1";<br /><br />if ( !function_exists('sha1') &amp;&amp; function_exists('mhash'))<br />{<br /> function sha1($hash_source) <br /> {<br /> $hash = mhash(MHASH_SHA1, $hash_source);<br /> $hex_hash = bin2hex($hash);<br /> return $hex_hash;<br /> } <br /> $sha1 = "Mhash";<br />}<br />if ( !function_exists('sha1') &amp;&amp; !function_exists('mhash'))<br />{<br /> function sha1( $string, $raw_output = false )<br /> {<br /> $library = new Sha1Lib();<br /> <br /> return $raw_output ? $library-&gt;str_sha1($string) : $library-&gt;hex_sha1($string);<br /> }<br /> $sha1 = "sha1lib";<br />}</span></code></div> </div> </div> <div class="note" id="77817"> <div class="votes"> <div id="Vu77817"> <a href="/manual/vote-note.php?id=77817&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd77817"> <a href="/manual/vote-note.php?id=77817&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V77817" title="40% like this..."> -1 </div> </div> <a href="#77817" class="name"> <strong class="user"><em>NoName</em></strong></a><a class="genanchor" href="#77817"> &para;</a><div class="date" title="2007-09-13 03:26"><strong>17 years ago</strong></div> <div class="text" id="Hcom77817"> <div class="phpcode"><code><span class="html">Regarding the twistSTR - the problem is that currently it is relatively easy to generate a collision for any alphanumeric plaintext of a given, short length via e.g. a rainbow table. You're bettter off using a sufficiently lengthy and random salt.</span></code></div> </div> </div> <div class="note" id="88057"> <div class="votes"> <div id="Vu88057"> <a href="/manual/vote-note.php?id=88057&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd88057"> <a href="/manual/vote-note.php?id=88057&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V88057" title="37% like this..."> -2 </div> </div> <a href="#88057" class="name"> <strong class="user"><em>mVamer</em></strong></a><a class="genanchor" href="#88057"> &para;</a><div class="date" title="2009-01-07 05:49"><strong>15 years ago</strong></div> <div class="text" id="Hcom88057"> <div class="phpcode"><code><span class="html">If I correctly understand what ranko84 is on about, this would be a simpler function with roughly the same result. <br /> <br /><span class="default">&lt;?php <br /></span><span class="keyword">function </span><span class="default">obscure</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">, </span><span class="default">$algorythm </span><span class="keyword">= </span><span class="string">"sha1"</span><span class="keyword">) <br />{ <br /> </span><span class="comment">// Get some random salt, or verify a salt. <br /> // Added by (grosbedo AT gmail DOT com) <br /> </span><span class="keyword">if (</span><span class="default">$salt </span><span class="keyword">== </span><span class="default">NULL</span><span class="keyword">) <br /> { <br /> </span><span class="default">$salt </span><span class="keyword">= </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$algorythm</span><span class="keyword">, </span><span class="default">uniqid</span><span class="keyword">(</span><span class="default">rand</span><span class="keyword">(), </span><span class="default">true</span><span class="keyword">)); <br /> } <br /> <br /> </span><span class="comment">// Determine the length of the hash. <br /> </span><span class="default">$hash_length </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">); <br /> <br /> </span><span class="comment">// Determine the length of the password. <br /> </span><span class="default">$password_length </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$password</span><span class="keyword">); <br /> <br /> </span><span class="comment">// Determine the maximum length of password. This is only needed if <br /> // the user enters a very long password. In any case, the salt will <br /> // be a maximum of half the end result. The longer the hash, the <br /> // longer the password/salt can be. <br /> </span><span class="default">$password_max_length </span><span class="keyword">= </span><span class="default">$hash_length </span><span class="keyword">/ </span><span class="default">2</span><span class="keyword">; <br /> <br /> </span><span class="comment">// Shorten the salt based on the length of the password. <br /> </span><span class="keyword">if (</span><span class="default">$password_length </span><span class="keyword">&gt;= </span><span class="default">$password_max_length</span><span class="keyword">) <br /> { <br /> </span><span class="default">$salt </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">, </span><span class="default">0</span><span class="keyword">, </span><span class="default">$password_max_length</span><span class="keyword">); <br /> } <br /> else <br /> { <br /> </span><span class="default">$salt </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">, </span><span class="default">0</span><span class="keyword">, </span><span class="default">$password_length</span><span class="keyword">); <br /> } <br /> <br /> </span><span class="comment">// Determine the length of the salt. <br /> </span><span class="default">$salt_length </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$salt</span><span class="keyword">); <br /> <br /> </span><span class="comment">// Determine the salted hashed password. <br /> </span><span class="default">$salted_password </span><span class="keyword">= </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$algorythm</span><span class="keyword">, </span><span class="default">$salt </span><span class="keyword">. </span><span class="default">$password</span><span class="keyword">); <br /> <br /> </span><span class="comment">// If we add the salt to the hashed password, we would get a hash that <br /> // is longer than a normally hashed password. We don't want that; it <br /> // would give away hints to an attacker. Because the password and the <br /> // length of the password are known, we can just throw away the first <br /> // couple of characters of the salted password. That way the salt and <br /> // the salted password together are the same length as a normally <br /> // hashed password without salt. <br /> </span><span class="default">$used_chars </span><span class="keyword">= (</span><span class="default">$hash_length </span><span class="keyword">- </span><span class="default">$salt_length</span><span class="keyword">) * -</span><span class="default">1</span><span class="keyword">; <br /> </span><span class="default">$final_result </span><span class="keyword">= </span><span class="default">$salt </span><span class="keyword">. </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$salted_password</span><span class="keyword">, </span><span class="default">$used_chars</span><span class="keyword">); <br /> <br /> return </span><span class="default">$final_result</span><span class="keyword">; <br />} <br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="50169"> <div class="votes"> <div id="Vu50169"> <a href="/manual/vote-note.php?id=50169&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd50169"> <a href="/manual/vote-note.php?id=50169&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V50169" title="37% like this..."> -2 </div> </div> <a href="#50169" class="name"> <strong class="user"><em>svn at datapirate dot de</em></strong></a><a class="genanchor" href="#50169"> &para;</a><div class="date" title="2005-02-20 05:26"><strong>19 years ago</strong></div> <div class="text" id="Hcom50169"> <div class="phpcode"><code><span class="html">Wanna use SHA-2 algorithm? Try this:<br /><br />Download Tar-Ball from <a href="http://www.adg.us/computers/sha.html" rel="nofollow" target="_blank">http://www.adg.us/computers/sha.html</a><br />Compile (may occur some warnings) and test it:<br /><br />cc -O2 -DSHA2_UNROLL_TRANSFORM -Wall -o sha2 sha2prog.c sha2.c<br />./sha2test.pl<br /><br />Copy it to /usr/local/bin/ (don't forget to check permissions)<br /><br />Here are two functions that could be used with:<br /><br />function sha2($bits, $string){<br /> $sha2bin="/usr/local/bin/sha2";<br /> $echocmd="echo";<br /> if(!in_array($bits, array(256, 384, 512)))return(false);<br /> $r=exec($echocmd." ".escapeshellarg($string)."|".$sha2bin." -q -".$bits, $sha2);<br /> return($sha2[0]);<br />}<br /><br />function sha2_file($bits, $filename){<br /> $sha2bin="/usr/local/bin/sha2";<br /> if(!in_array($bits, array(256, 384, 512)))return(false);<br /> if(!file_exists($filename)||!is_readable($filename))return(false);<br /> $r=exec($sha2bin." -q -".$bits." ".escapeshellarg($filename), $sha2);<br /> return($sha2[0]);<br />}<br /><br />and use it like below:<br /><br /><span class="default">&lt;?php<br />$str </span><span class="keyword">= </span><span class="string">'apple'</span><span class="keyword">;<br />if (</span><span class="default">sha2</span><span class="keyword">(</span><span class="default">256</span><span class="keyword">, </span><span class="default">$str</span><span class="keyword">) === </span><span class="string">'303980bcb9e9e6cdec515230791af8b0ab1aaa244b58a8d99152673aa22197d0'</span><span class="keyword">) {<br /> echo </span><span class="string">"Would you like a green or red apple?"</span><span class="keyword">;<br /> exit;<br />}<br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="90301"> <div class="votes"> <div id="Vu90301"> <a href="/manual/vote-note.php?id=90301&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd90301"> <a href="/manual/vote-note.php?id=90301&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V90301" title="35% like this..."> -4 </div> </div> <a href="#90301" class="name"> <strong class="user"><em>paul</em></strong></a><a class="genanchor" href="#90301"> &para;</a><div class="date" title="2009-04-15 06:57"><strong>15 years ago</strong></div> <div class="text" id="Hcom90301"> <div class="phpcode"><code><span class="html">I believe this offers best amount of protection using a random salt, that has to be stored so it can be used later for verification. <br /> <br />If no salt is given (which can be retrieved by halving the output and taking the first half), then it will generate a random salt, hash it, place it in a position relative to the length of password (between 0 and length of hash type(sha1? md5?)) within the hashed password, and then hash the complete string. <br /> <br />This results in a password hash using a salt that is dynamically placed dependant on password length. The salt used is then appended to the front of the finished hash so it can be retrieved later on for verifying. <br /> <br />Seeing as users will choose a typical password of between 5 and say 15 characters long, this gives them an extra 10 times the amount of dictionary attacks to try out with the hash as it could be placed in any position, because this is a random generated salt too, it means at least 10 dictionary attacks (with possiblity of upto 40) for each instance a password is created, to try and work out your sha1 encrypted password. <br /> <br />If you change your password say every month, even if someone gets a look in at your file through a local exploit, the amount of time to work out your password would far outweigh the frequency at which you change it. <br /> <br />Nothing is secure, but this should take them longer to work out then the time you change it. That is at least by todays technologies. <br /> <br />Paul <br /> <br /><span class="default">&lt;?php <br /> </span><span class="keyword">function </span><span class="default">createHash</span><span class="keyword">(</span><span class="default">$inText</span><span class="keyword">, </span><span class="default">$saltHash</span><span class="keyword">=</span><span class="default">NULL</span><span class="keyword">, </span><span class="default">$mode</span><span class="keyword">=</span><span class="string">'sha1'</span><span class="keyword">){ <br /> </span><span class="comment">// hash the text // <br /> </span><span class="default">$textHash </span><span class="keyword">= </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$mode</span><span class="keyword">, </span><span class="default">$inText</span><span class="keyword">); <br /> </span><span class="comment">// set where salt will appear in hash // <br /> </span><span class="default">$saltStart </span><span class="keyword">= </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$inText</span><span class="keyword">); <br /> </span><span class="comment">// if no salt given create random one // <br /> </span><span class="keyword">if(</span><span class="default">$saltHash </span><span class="keyword">== </span><span class="default">NULL</span><span class="keyword">) { <br /> </span><span class="default">$saltHash </span><span class="keyword">= </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$mode</span><span class="keyword">, </span><span class="default">uniqid</span><span class="keyword">(</span><span class="default">rand</span><span class="keyword">(), </span><span class="default">true</span><span class="keyword">)); <br /> } <br /> </span><span class="comment">// add salt into text hash at pass length position and hash it // <br /> </span><span class="keyword">if(</span><span class="default">$saltStart </span><span class="keyword">&gt; </span><span class="default">0 </span><span class="keyword">&amp;&amp; </span><span class="default">$saltStart </span><span class="keyword">&lt; </span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$saltHash</span><span class="keyword">)) { <br /> </span><span class="default">$textHashStart </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$textHash</span><span class="keyword">,</span><span class="default">0</span><span class="keyword">,</span><span class="default">$saltStart</span><span class="keyword">); <br /> </span><span class="default">$textHashEnd </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">$textHash</span><span class="keyword">,</span><span class="default">$saltStart</span><span class="keyword">,</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$saltHash</span><span class="keyword">)); <br /> </span><span class="default">$outHash </span><span class="keyword">= </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$mode</span><span class="keyword">, </span><span class="default">$textHashEnd</span><span class="keyword">.</span><span class="default">$saltHash</span><span class="keyword">.</span><span class="default">$textHashStart</span><span class="keyword">); <br /> } elseif(</span><span class="default">$saltStart </span><span class="keyword">&gt; (</span><span class="default">strlen</span><span class="keyword">(</span><span class="default">$saltHash</span><span class="keyword">)-</span><span class="default">1</span><span class="keyword">)) { <br /> </span><span class="default">$outHash </span><span class="keyword">= </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$mode</span><span class="keyword">, </span><span class="default">$textHash</span><span class="keyword">.</span><span class="default">$saltHash</span><span class="keyword">); <br /> } else { <br /> </span><span class="default">$outHash </span><span class="keyword">= </span><span class="default">hash</span><span class="keyword">(</span><span class="default">$mode</span><span class="keyword">, </span><span class="default">$saltHash</span><span class="keyword">.</span><span class="default">$textHash</span><span class="keyword">); <br /> } <br /> </span><span class="comment">// put salt at front of hash // <br /> </span><span class="default">$output </span><span class="keyword">= </span><span class="default">$saltHash</span><span class="keyword">.</span><span class="default">$outHash</span><span class="keyword">; <br /> return </span><span class="default">$output</span><span class="keyword">; <br /> } <br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="40226"> <div class="votes"> <div id="Vu40226"> <a href="/manual/vote-note.php?id=40226&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd40226"> <a href="/manual/vote-note.php?id=40226&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V40226" title="36% like this..."> -3 </div> </div> <a href="#40226" class="name"> <strong class="user"><em>brian_bisaillon at rogers dot com</em></strong></a><a class="genanchor" href="#40226"> &para;</a><div class="date" title="2004-02-25 08:19"><strong>20 years ago</strong></div> <div class="text" id="Hcom40226"> <div class="phpcode"><code><span class="html">Source code to create SSHA passwords...<br /><br />public function HashPassword($password)<br />{<br /> mt_srand((double)microtime()*1000000);<br /> $salt = mhash_keygen_s2k(MHASH_SHA1, $password, substr(pack('h*', md5(mt_rand())), 0, 8), 4);<br /> $hash = "{SSHA}".base64_encode(mhash(MHASH_SHA1, $password.$salt).$salt);<br /> return $hash;<br />}<br /><br />Source code to validate SSHA passwords...<br /><br />public function ValidatePassword($password, $hash)<br />{<br /> $hash = base64_decode(substr($hash, 6));<br /> $original_hash = substr($hash, 0, 20);<br /> $salt = substr($hash, 20);<br /> $new_hash = mhash(MHASH_SHA1, $password . $salt);<br /> if (strcmp($original_hash, $new_hash) == 0)<br /> ... do something because your password is valid ...<br /> else<br /> echo 'Unauthorized: Authorization has been refused for the credentials you provided. Please login with a valid username and password.';<br /> ... be sure to clear your session data ...<br />}<br /><br />Note: The format is compatible with OpenLDAP's SSHA scheme if I'm not mistaken.</span></code></div> </div> </div> <div class="note" id="52372"> <div class="votes"> <div id="Vu52372"> <a href="/manual/vote-note.php?id=52372&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd52372"> <a href="/manual/vote-note.php?id=52372&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V52372" title="33% like this..."> -1 </div> </div> <a href="#52372" class="name"> <strong class="user"><em>alex at milivojevic dot org</em></strong></a><a class="genanchor" href="#52372"> &para;</a><div class="date" title="2005-04-28 02:12"><strong>19 years ago</strong></div> <div class="text" id="Hcom52372"> <div class="phpcode"><code><span class="html">Regarding my previous comment, if you want to be on the safe side and use only ASCII printable seeds (shouldn't matter for SSHA seeds), something like this could be used:<br /><br /><span class="default">&lt;?php<br />$salt </span><span class="keyword">= </span><span class="default">substr</span><span class="keyword">(</span><span class="default">base64_encode</span><span class="keyword">(</span><span class="default">pack</span><span class="keyword">(</span><span class="string">"H*"</span><span class="keyword">, </span><span class="default">sha1</span><span class="keyword">(</span><span class="default">mt_rand</span><span class="keyword">()))), </span><span class="default">0</span><span class="keyword">, </span><span class="default">4</span><span class="keyword">);<br /></span><span class="default">?&gt;</span></span></code></div> </div> </div> <div class="note" id="121967"> <div class="votes"> <div id="Vu121967"> <a href="/manual/vote-note.php?id=121967&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd121967"> <a href="/manual/vote-note.php?id=121967&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V121967" title="0% like this..."> -4 </div> </div> <a href="#121967" class="name"> <strong class="user"><em>cneeds athome dot co dot bw</em></strong></a><a class="genanchor" href="#121967"> &para;</a><div class="date" title="2017-12-02 03:20"><strong>7 years ago</strong></div> <div class="text" id="Hcom121967"> <div class="phpcode"><code><span class="html">The most secure way of sending passwords I have found so far <br /><br />is to first ask for and receive a one-time code from the server<br /><br />and mask (hash) the password being sent back to the server with the one-time code.</span></code></div> </div> </div> <div class="note" id="118770"> <div class="votes"> <div id="Vu118770"> <a href="/manual/vote-note.php?id=118770&amp;page=function.sha1&amp;vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd118770"> <a href="/manual/vote-note.php?id=118770&amp;page=function.sha1&amp;vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V118770" title="0% like this..."> -3 </div> </div> <a href="#118770" class="name"> <strong class="user"><em>jcastromail at yahoo dot es</em></strong></a><a class="genanchor" href="#118770"> &para;</a><div class="date" title="2016-02-02 08:15"><strong>8 years ago</strong></div> <div class="text" id="Hcom118770"> <div class="phpcode"><code><span class="html">Hi there:<br /><br />About the complexity of sha1, sha1 generates a code a different code each 1,4615016373309029182036848327163e+48 (2 ^ 160 bits). So the chances of the use of the same hash is really small.<br /><br />The "problem" of sha1 (and md5) is the speed of the generation. However, the speed is proportional with the length of the text to encrypt. <br /><br />However, using a SALT, it increases tenfold times the security, even for a weak password.<br /><br />In gross terms, a password of 6 characters can be hacked in a minute (if its store in md5 or sha). However, a password of 7 characters takes an hour, a password of 8 a year and a password of more than 8 character is virtually inviable of hack.<br /><br />However, if we used an SALT (a secret salt btw), then even a password of 3 characters will be really safe.<br /><br />sha1('SALT SECRET TEXT!!@@@aaa0000'.'123');<br /><br />And a double sha1 will ensure more safety <br /><br />sha1(sha1('SALT SECRET TEXT'.'123',false),false)<br /><br />It will require a rainbow table of 20 characters, enough big to be absurdly safe even for a thousand of servers running during a year.</span></code></div> </div> </div></div> <div class="foot"><a href="/manual/add-note.php?sect=function.sha1&amp;repo=de&amp;redirect=https://www.php.net/manual/de/function.sha1.php">+<small>add a note</small></a></div> </section> </section><!-- layout-content --> <aside class='layout-menu'> <ul class='parent-menu-list'> <li> <a href="ref.strings.php">String-Funktionen</a> <ul class='child-menu-list'> <li class=""> <a href="function.addcslashes.php" title="addcslashes">addcslashes</a> </li> <li class=""> <a href="function.addslashes.php" title="addslashes">addslashes</a> </li> <li class=""> <a href="function.bin2hex.php" title="bin2hex">bin2hex</a> </li> <li class=""> <a href="function.chop.php" title="chop">chop</a> </li> <li class=""> <a href="function.chr.php" title="chr">chr</a> </li> <li class=""> <a href="function.chunk-split.php" title="chunk_&#8203;split">chunk_&#8203;split</a> </li> <li class=""> <a href="function.convert-uudecode.php" title="convert_&#8203;uudecode">convert_&#8203;uudecode</a> </li> <li class=""> <a href="function.convert-uuencode.php" title="convert_&#8203;uuencode">convert_&#8203;uuencode</a> </li> <li class=""> <a href="function.count-chars.php" title="count_&#8203;chars">count_&#8203;chars</a> </li> <li class=""> <a href="function.crc32.php" title="crc32">crc32</a> </li> <li class=""> <a href="function.crypt.php" title="crypt">crypt</a> </li> <li class=""> <a href="function.echo.php" title="echo">echo</a> </li> <li class=""> <a href="function.explode.php" title="explode">explode</a> </li> <li class=""> <a href="function.fprintf.php" title="fprintf">fprintf</a> </li> <li class=""> <a href="function.get-html-translation-table.php" title="get_&#8203;html_&#8203;translation_&#8203;table">get_&#8203;html_&#8203;translation_&#8203;table</a> </li> <li class=""> <a href="function.hebrev.php" title="hebrev">hebrev</a> </li> <li class=""> <a href="function.hex2bin.php" title="hex2bin">hex2bin</a> </li> <li class=""> <a href="function.html-entity-decode.php" title="html_&#8203;entity_&#8203;decode">html_&#8203;entity_&#8203;decode</a> </li> <li class=""> <a href="function.htmlentities.php" title="htmlentities">htmlentities</a> </li> <li class=""> <a href="function.htmlspecialchars.php" title="htmlspecialchars">htmlspecialchars</a> </li> <li class=""> <a href="function.htmlspecialchars-decode.php" title="htmlspecialchars_&#8203;decode">htmlspecialchars_&#8203;decode</a> </li> <li class=""> <a href="function.implode.php" title="implode">implode</a> </li> <li class=""> <a href="function.join.php" title="join">join</a> </li> <li class=""> <a href="function.lcfirst.php" title="lcfirst">lcfirst</a> </li> <li class=""> <a href="function.levenshtein.php" title="levenshtein">levenshtein</a> </li> <li class=""> <a href="function.localeconv.php" title="localeconv">localeconv</a> </li> <li class=""> <a href="function.ltrim.php" title="ltrim">ltrim</a> </li> <li class=""> <a href="function.md5.php" title="md5">md5</a> </li> <li class=""> <a href="function.md5-file.php" title="md5_&#8203;file">md5_&#8203;file</a> </li> <li class=""> <a href="function.metaphone.php" title="metaphone">metaphone</a> </li> <li class=""> <a href="function.money-format.php" title="money_&#8203;format">money_&#8203;format</a> </li> <li class=""> <a href="function.nl-langinfo.php" title="nl_&#8203;langinfo">nl_&#8203;langinfo</a> </li> <li class=""> <a href="function.nl2br.php" title="nl2br">nl2br</a> </li> <li class=""> <a href="function.number-format.php" title="number_&#8203;format">number_&#8203;format</a> </li> <li class=""> <a href="function.ord.php" title="ord">ord</a> </li> <li class=""> <a href="function.parse-str.php" title="parse_&#8203;str">parse_&#8203;str</a> </li> <li class=""> <a href="function.print.php" title="print">print</a> </li> <li class=""> <a href="function.printf.php" title="printf">printf</a> </li> <li class=""> <a href="function.quoted-printable-decode.php" title="quoted_&#8203;printable_&#8203;decode">quoted_&#8203;printable_&#8203;decode</a> </li> <li class=""> <a href="function.quoted-printable-encode.php" title="quoted_&#8203;printable_&#8203;encode">quoted_&#8203;printable_&#8203;encode</a> </li> <li class=""> <a href="function.quotemeta.php" title="quotemeta">quotemeta</a> </li> <li class=""> <a href="function.rtrim.php" title="rtrim">rtrim</a> </li> <li class=""> <a href="function.setlocale.php" title="setlocale">setlocale</a> </li> <li class="current"> <a href="function.sha1.php" title="sha1">sha1</a> </li> <li class=""> <a href="function.sha1-file.php" title="sha1_&#8203;file">sha1_&#8203;file</a> </li> <li class=""> <a href="function.similar-text.php" title="similar_&#8203;text">similar_&#8203;text</a> </li> <li class=""> <a href="function.soundex.php" title="soundex">soundex</a> </li> <li class=""> <a href="function.sprintf.php" title="sprintf">sprintf</a> </li> <li class=""> <a href="function.sscanf.php" title="sscanf">sscanf</a> </li> <li class=""> <a href="function.str-contains.php" title="str_&#8203;contains">str_&#8203;contains</a> </li> <li class=""> <a href="function.str-decrement.php" title="str_&#8203;decrement">str_&#8203;decrement</a> </li> <li class=""> <a href="function.str-ends-with.php" title="str_&#8203;ends_&#8203;with">str_&#8203;ends_&#8203;with</a> </li> <li class=""> <a href="function.str-getcsv.php" title="str_&#8203;getcsv">str_&#8203;getcsv</a> </li> <li class=""> <a href="function.str-increment.php" title="str_&#8203;increment">str_&#8203;increment</a> </li> <li class=""> <a href="function.str-ireplace.php" title="str_&#8203;ireplace">str_&#8203;ireplace</a> </li> <li class=""> <a href="function.str-pad.php" title="str_&#8203;pad">str_&#8203;pad</a> </li> <li class=""> <a href="function.str-repeat.php" title="str_&#8203;repeat">str_&#8203;repeat</a> </li> <li class=""> <a href="function.str-replace.php" title="str_&#8203;replace">str_&#8203;replace</a> </li> <li class=""> <a href="function.str-rot13.php" title="str_&#8203;rot13">str_&#8203;rot13</a> </li> <li class=""> <a href="function.str-shuffle.php" title="str_&#8203;shuffle">str_&#8203;shuffle</a> </li> <li class=""> <a href="function.str-split.php" title="str_&#8203;split">str_&#8203;split</a> </li> <li class=""> <a href="function.str-starts-with.php" title="str_&#8203;starts_&#8203;with">str_&#8203;starts_&#8203;with</a> </li> <li class=""> <a href="function.str-word-count.php" title="str_&#8203;word_&#8203;count">str_&#8203;word_&#8203;count</a> </li> <li class=""> <a href="function.strcasecmp.php" title="strcasecmp">strcasecmp</a> </li> <li class=""> <a href="function.strchr.php" title="strchr">strchr</a> </li> <li class=""> <a href="function.strcmp.php" title="strcmp">strcmp</a> </li> <li class=""> <a href="function.strcoll.php" title="strcoll">strcoll</a> </li> <li class=""> <a href="function.strcspn.php" title="strcspn">strcspn</a> </li> <li class=""> <a href="function.strip-tags.php" title="strip_&#8203;tags">strip_&#8203;tags</a> </li> <li class=""> <a href="function.stripcslashes.php" title="stripcslashes">stripcslashes</a> </li> <li class=""> <a href="function.stripos.php" title="stripos">stripos</a> </li> <li class=""> <a href="function.stripslashes.php" title="stripslashes">stripslashes</a> </li> <li class=""> <a href="function.stristr.php" title="stristr">stristr</a> </li> <li class=""> <a href="function.strlen.php" title="strlen">strlen</a> </li> <li class=""> <a href="function.strnatcasecmp.php" title="strnatcasecmp">strnatcasecmp</a> </li> <li class=""> <a href="function.strnatcmp.php" title="strnatcmp">strnatcmp</a> </li> <li class=""> <a href="function.strncasecmp.php" title="strncasecmp">strncasecmp</a> </li> <li class=""> <a href="function.strncmp.php" title="strncmp">strncmp</a> </li> <li class=""> <a href="function.strpbrk.php" title="strpbrk">strpbrk</a> </li> <li class=""> <a href="function.strpos.php" title="strpos">strpos</a> </li> <li class=""> <a href="function.strrchr.php" title="strrchr">strrchr</a> </li> <li class=""> <a href="function.strrev.php" title="strrev">strrev</a> </li> <li class=""> <a href="function.strripos.php" title="strripos">strripos</a> </li> <li class=""> <a href="function.strrpos.php" title="strrpos">strrpos</a> </li> <li class=""> <a href="function.strspn.php" title="strspn">strspn</a> </li> <li class=""> <a href="function.strstr.php" title="strstr">strstr</a> </li> <li class=""> <a href="function.strtok.php" title="strtok">strtok</a> </li> <li class=""> <a href="function.strtolower.php" title="strtolower">strtolower</a> </li> <li class=""> <a href="function.strtoupper.php" title="strtoupper">strtoupper</a> </li> <li class=""> <a href="function.strtr.php" title="strtr">strtr</a> </li> <li class=""> <a href="function.substr.php" title="substr">substr</a> </li> <li class=""> <a href="function.substr-compare.php" title="substr_&#8203;compare">substr_&#8203;compare</a> </li> <li class=""> <a href="function.substr-count.php" title="substr_&#8203;count">substr_&#8203;count</a> </li> <li class=""> <a href="function.substr-replace.php" title="substr_&#8203;replace">substr_&#8203;replace</a> </li> <li class=""> <a href="function.trim.php" title="trim">trim</a> </li> <li class=""> <a href="function.ucfirst.php" title="ucfirst">ucfirst</a> </li> <li class=""> <a href="function.ucwords.php" title="ucwords">ucwords</a> </li> <li class=""> <a href="function.vfprintf.php" title="vfprintf">vfprintf</a> </li> <li class=""> <a href="function.vprintf.php" title="vprintf">vprintf</a> </li> <li class=""> <a href="function.vsprintf.php" title="vsprintf">vsprintf</a> </li> <li class=""> <a href="function.wordwrap.php" title="wordwrap">wordwrap</a> </li> </ul> </li> <li> <span class="header">Deprecated</span> <ul class="child-menu-list"> <li class=""> <a href="function.convert-cyr-string.php" title="convert_&#8203;cyr_&#8203;string">convert_&#8203;cyr_&#8203;string</a> </li> <li class=""> <a href="function.hebrevc.php" title="hebrevc">hebrevc</a> </li> <li class=""> <a href="function.utf8-decode.php" title="utf8_&#8203;decode">utf8_&#8203;decode</a> </li> <li class=""> <a href="function.utf8-encode.php" title="utf8_&#8203;encode">utf8_&#8203;encode</a> </li> </ul> </li> </ul> </aside> </div><!-- layout --> <footer> <div class="container footer-content"> <div class="row-fluid"> <ul class="footmenu"> <li><a href="/manual/de/copyright.php">Copyright &copy; 2001-2024 The PHP Documentation Group</a></li> <li><a href="/my.php">My PHP.net</a></li> <li><a href="/contact.php">Contact</a></li> <li><a href="/sites.php">Other PHP.net sites</a></li> <li><a href="/privacy.php">Privacy policy</a></li> </ul> </div> </div> </footer> <script src="/cached.php?t=1731172202&amp;f=/js/ext/jquery-3.6.0.min.js"></script> <script src="/cached.php?t=1723177202&amp;f=/js/ext/FuzzySearch.min.js"></script> <script src="/cached.php?t=1707321815&amp;f=/js/ext/mousetrap.min.js"></script> <script src="/cached.php?t=1707321815&amp;f=/js/ext/jquery.scrollTo.min.js"></script> <script src="/cached.php?t=1733296801&amp;f=/js/search.js"></script> <script src="/cached.php?t=1732876201&amp;f=/js/common.js"></script> <script type="module" src="/cached.php?t=1733276402&amp;f=/js/interactive-examples.js"></script> <a id="toTop" href="javascript:;"><span id="toTopHover"></span><img width="40" height="40" alt="To Top" src="/images/to-top@2x.png"></a> <div id="search-modal__backdrop" class="search-modal__backdrop"> <div role="dialog" aria-label="Search modal" id="search-modal" class="search-modal" > <div class="search-modal__header"> <div class="search-modal__form"> <div class="search-modal__input-icon"> <!-- https://feathericons.com search --> <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </div> <input type="search" id="search-modal__input" class="search-modal__input" placeholder="Search docs" aria-label="Search docs" /> </div> <button aria-label="Close" class="search-modal__close"> <!-- https://pictogrammers.com/library/mdi/icon/close/ --> <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" > <path d="M19,6.41L17.59,5L12,10.59L6.41,5L5,6.41L10.59,12L5,17.59L6.41,19L12,13.41L17.59,19L19,17.59L13.41,12L19,6.41Z"/> </svg> </button> </div> <div role="listbox" aria-label="Search results" id="search-modal__results" class="search-modal__results" ></div> <div class="search-modal__helper-text"> <div> <kbd>↑</kbd> and <kbd>↓</kbd> to navigate • <kbd>Enter</kbd> to select • <kbd>Esc</kbd> to close </div> <div> Press <kbd>Enter</kbd> without selection to search using Google </div> </div> </div> </div> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10