Using the PHP Function Sha1 to Hash Your Passwords
PHP’s built-in sha1 function is a very useful and powerful hashing function. It can take a string and produce its corresponding hash value, which is then printed on output. It also provides a very quick and simple way to verify whether two strings are equal.
The SHA-1 (Secure Hash Algorithm 1) algorithm is a cryptographic function that produces a 160-bit hash value from an input string. This hash value cannot be reversed to determine the original string from which it was created, making it almost impossible for a third party to spoof your data.
This is one of the most popular methods for generating passwords. However, as cybercrime becomes more sophisticated, it’s time to move on from plain old sha1. Fortunately, PHP comes with some smarter password hashing functions: password_hash() and password_verify().
Both functions use the same SHA-1 algorithm, but are faster and more secure than sha1(). In addition, they support more encodings and can be used with multiple types of input.
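The move from sha1() to password_hash() and password_verify() can be done at login time, when the plaintext password is briefly available. The following is an added example, not code from the original article; the login() helper and the $users array are hypothetical, and the sample passwords are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample data: a record still holding a legacy unsalted sha1() hash.
$users = ['alice' => ['hash' => sha1('correct horse battery staple')]];

// Hypothetical helper: verify a login and upgrade the stored hash in place.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    // password_get_info() reports "unknown" for anything password_hash() did not produce.
    $isLegacy = password_get_info($stored)['algoName'] === 'unknown';

    $ok = $isLegacy
        ? hash_equals($stored, sha1($password))   // constant-time comparison
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }

    // Re-hash while the plaintext is available: always for legacy records,
    // and whenever PASSWORD_DEFAULT or its cost has moved on.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// The same password always yields the same sha1() digest, so identical
// passwords are visible across accounts and precomputed tables apply.
var_dump(sha1('hunter2') === sha1('hunter2'));

// password_hash() generates a random salt per call, so two hashes of the
// same password differ, yet both still verify.
$a = password_hash('hunter2', PASSWORD_DEFAULT);
$b = password_hash('hunter2', PASSWORD_DEFAULT);
var_dump($a !== $b, password_verify('hunter2', $a), password_verify('hunter2', $b));

var_dump(login($users, 'alice', 'wrong password'));
var_dump(login($users, 'alice', 'correct horse battery staple'));
echo password_get_info($users['alice']['hash'])['algoName'], PHP_EOL; // algorithm now stored
var_dump(login($users, 'alice', 'correct horse battery staple'));     // now checked by password_verify()
```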
The sha1() function takes two arguments: the string you want to hash and an optional boolean value that specifies the raw output format. If you set this to TRUE, the function will return the hash in a 16 bit format instead of the 32 bit format it uses by default.
If you don’t set this, the function will return a lowercase hex string of length 32 or raw binary data of length 16. This article has been updated from its original version in Hacking with PHP.