Hash Functions
Just a quick note about these benchmarks and how you should apply them.
If you are hashing passwords etc for security, speed is not your friend. You should use the slowest method.
Slow to hash means slow to crack and will hopefully make generating things like rainbow tables more trouble than it's worth.
hash
(PHP 5 >= 5.1.2, PECL hash:1.1-1.5)
hash — Generate a hash value (message digest)
Description
string hash
( string $algo
, string $data
[, bool $raw_output
] )
Parameters
- algo
-
Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4", etc..)
- data
-
Message to be hashed.
- raw_output
-
When set to TRUE, outputs raw binary data. Default value (FALSE) outputs lowercase hexits.
Return Values
Returns a string containing the calculated message digest as lowercase hexits unless raw_output is set to true in which case the raw binary representation of the message digest is returned.
Examples
Example #1 A hash() example
<?php
echo hash('ripemd160', 'The quick brown fox jumped over the lazy dog.');
?>
The above example will output:
ec457d0a974c48d5685a7efa03d137dc8bbde7e3
add a note
User Contributed Noteshash
Leigh
06-Aug-2008 06:10
06-Aug-2008 06:10
The
27-May-2008 11:52
27-May-2008 11:52
Note that some of the hash algorithms provided are considered weak (e.g., md5, sha1 and haval128,3). If you have a choice in the matter, use ripemd160, whirlpool or tiger192,4.
inspiration3 at gmail dot com
04-May-2008 04:12
04-May-2008 04:12
Another comprehensive benchmark script that orders results from best to worst and includes the crc32(), md5() and sha1() standalone functions:
<?php
define('HASH_TIMES', 1000);
define('HASH_DATA', 'The quick brown fox jumped over!'); // 32 bytes
header('Content-Type: text/plain');
echo 'Testing ' . strlen(HASH_DATA) . ' bytes of data over ' . HASH_TIMES . " iterations:\n";
foreach (hash_algos() as $algo) {
$time = microtime(1);
for ($i = 0; $i < HASH_TIMES; $i++) hash($algo, HASH_DATA);
$results[$algo] = microtime(1) - $time;
}
$time = microtime(1); for ($i = 0; $i < HASH_TIMES; $i++) crc32(HASH_DATA); $results['crc32()'] = microtime(1) - $time;
$time = microtime(1); for ($i = 0; $i < HASH_TIMES; $i++) md5(HASH_DATA); $results['md5()'] = microtime(1) - $time;
$time = microtime(1); for ($i = 0; $i < HASH_TIMES; $i++) sha1(HASH_DATA); $results['sha1()'] = microtime(1) - $time;
asort($results, SORT_NUMERIC);
foreach ($results as $algo => $time) echo "\n$time\t$algo";
?>
Marcus
27-Apr-2008 01:15
27-Apr-2008 01:15
A upgrade of dani88elx's performance test, this time grading them by speed (fastest first) and comparing times between hex and raw data.
<?
function testAlgos() {
$algos = hash_algos();
$word="This will be crypted by all different algoritms";
$results = array();
foreach($algos as $algo)
{
$time=microtime(1);
$data = hash($algo, $word, false);
$results["".(microtime(1)-$time)][] = "$algo (hex)";
}
foreach($algos as $algo)
{
$time=microtime(1);
$data = hash($algo, $word, true);
$results["".(microtime(1)-$time)][] = "$algo (raw)";
}
ksort($results);
foreach($results as $time => &$algos) {
echo $time."\n";
sort($algos);
foreach($algos as $algo)
echo "\t".$algo."\n";
}
}
testAlgos();
?>
Errata
26-Dec-2007 05:54
26-Dec-2007 05:54
The above won't work in raw output, besides the crc32 function isn't the same.
if(!function_exists('hash')) {
function hash($algo, $data, $raw_output = 0)
{
if($algo == 'md5') return(md5($data, $raw_output));
if($algo == 'sha1') return(sha1($data, $raw_output));
}
}
mysteryboy
04-Aug-2007 03:33
04-Aug-2007 03:33
but hash a big file ,
example:23KB:
hash
1.2369749546051: md4
1.5122809410095: md5
7.1646420955658: adler32
3.1666488647461: crc32
0.018635988235474: crc32b
2.4434490203857: sha1
=========>>
1.5402789115906: md5
2.4519650936127: sha1
dani88elx at gmail dot com
26-Jun-2007 04:06
26-Jun-2007 04:06
Comparison between hash algorithms.
<?
$algos = hash_algos();
$word="hola";
foreach($algos as $algo)
{
echo $algo.": ";
$time=microtime(1);
echo hash($algo, $word);
echo "<br>".(microtime(1)-$time)."<br><hr>";
}
?>
just me
10-Apr-2007 11:02
10-Apr-2007 11:02
The speed difference (as noted in a below posting) between md5() and hash() goes down to zero with strings longer than just a few bytes. With a string length of 1kB the difference is 10% advantage for hash() and shrinks further down to 3% with 10kB strings.
mikael at webhost3 dot eu
10-Mar-2007 01:34
10-Mar-2007 01:34
<?php
$time=microtime(1);
for ($i=0;$i<100000;$i++)
hash('md5', 'string');
echo microtime(1)-$time,': hash/md5<br>';
$time=microtime(1);
for ($i=0;$i<100000;$i++)
md5('string');
echo microtime(1)-$time,': md5<br>';
$time=microtime(1);
for ($i=0;$i<100000;$i++)
hash('sha1', 'string');
echo microtime(1)-$time,': hash/sha1<br>';
$time=microtime(1);
for ($i=0;$i<100000;$i++)
sha1('string');
echo microtime(1)-$time,': sha1<br>';
?>------------------------<br><?php
$time=microtime(1);
for ($i=0;$i<100000;$i++)
hash('md5', $i);
echo microtime(1)-$time,': hash/md5<br>';
$time=microtime(1);
for ($i=0;$i<100000;$i++)
md5($i);
echo microtime(1)-$time,': md5<br>';
$time=microtime(1);
for ($i=0;$i<100000;$i++)
hash('sha1', $i);
echo microtime(1)-$time,': hash/sha1<br>';
$time=microtime(1);
for ($i=0;$i<100000;$i++)
sha1($i);
echo microtime(1)-$time,': sha1<br>';
?>
Gives:
0.33311605453491: hash/md5
1.0671429634094: md5
0.383131980896: hash/sha1
1.3252220153809: sha1
------------------------
0.37684988975525: hash/md5
1.1258299350739: md5
0.43960785865784: hash/sha1
1.3876020908356: sha1
Peter Kelly
29-Jan-2007 12:32
29-Jan-2007 12:32
If the hash functions are not available to you at the moment, and you want to future proof your code, then the code below will emulate two of the important hashing functions, they will also be automatically replaced with the faster versions if available.
if(!function_exists('hash_algos'))
{
function hash_algos()
{
$algo[0] = "md5";
$algo[1] = "sha1";
$algo[2] = "crc32";
return($algo);
}
}
if(!function_exists('hash'))
{
function hash($algo, $data, $raw_output = 0)
{
if($algo == 'md5') return(md5($data));
if($algo == 'sha1') return(sha1($data));
if($algo == 'crc32') return(crc32($data));
}
}