<?php
/**
* This hashing function generates message digests that are salted with random
* salt, so no two hashes of the same input data should produce the same
* results. The salt is scrambled directly into the output string: its
* characters are placed in random order at random positions among the digest
* characters with an almost-uniform distribution, so an observer cannot tell
* salt characters from digest characters by inspection. Note that this is
* obfuscation, not secrecy: the verification path below recovers the salt from
* the hash string alone, so anyone holding the library code can do the same.
* That is acceptable -- a salt only needs to be unique per hash, not secret --
* but do not rely on the salt being hidden for any security property.
*
* This hashing function can also verify whether a string is a digest of some
* input message, and use various hashing algorithms (those supplied by PHP's
* hash_algos()). If you specify an unknown algorithm, the function silently
* defaults to SHA1; because a typo in the algorithm name therefore quietly
* downgrades the digest, callers should validate the name against hash_algos()
* before passing it. You can also provide a key for an HMAC variant of the
* message digest (actually the HMAC variant is always used, but if you don't
* specify the key, the empty string is used instead -- which gives no secrecy
* benefit over a plain salted hash).
*
* One possible usage for this function is generating password hashes; they
* will already be salted, which is always good, and the salt does not need a
* separate column in your database because it travels inside the hash string
* (it is still stored -- just not separately -- so this simplifies your code
* rather than adding security). You can also check very easily whether the
* password a user supplies on login matches the stored hash. Caveat: a single
* HMAC pass over a general-purpose digest is fast to brute-force offline, so
* for real password storage prefer PHP's purpose-built password_hash() /
* password_verify() (bcrypt/Argon2 with a tunable work factor), and compare any
* digests you do produce with hash_equals() rather than ===.
*/
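require_once 'ktHash.php';

// NOTE(review): demo value only. In a real deployment the HMAC key must not be
// hard-coded in source; load it from configuration or a secrets store, since
// anyone who can read this file can reproduce (and brute-force) every hash.
define('APPLICATION_SECRET', "This is an application-wide shared secret key.");

$password = "password";

// Two hashes of the same input differ because each call draws a fresh random salt.
$hash_1 = ktHash::hash($password, APPLICATION_SECRET); // password hash
$hash_2 = ktHash::hash($password, APPLICATION_SECRET); // another password hash

// Verification: passing the stored hash as the third argument makes ktHash::hash
// reuse the salt embedded in it, so the correct password reproduces the hash
// exactly. hash_equals() replaces === so the comparison time does not depend on
// the position of the first differing byte (timing side channel on secret-derived
// data). For real password storage prefer password_hash()/password_verify():
// a single HMAC pass is fast to brute-force offline.
$verified_YES_1 = hash_equals($hash_1, ktHash::hash($password, APPLICATION_SECRET, $hash_1)) ? "YES" : "NO"; // check password hash
$verified_YES_2 = hash_equals($hash_2, ktHash::hash($password, APPLICATION_SECRET, $hash_2)) ? "YES" : "NO"; // works on this one too
$verified_NO = hash_equals($hash_1, ktHash::hash("wrong_password", APPLICATION_SECRET, $hash_1)) ? "YES" : "NO"; // wrong password -> NO

// Different digest algorithm (a name from hash_algos()); NULL for the salt
// presumably means "draw a fresh random salt", as the two-argument calls above do.
// Beware: an unrecognised algorithm name silently falls back to SHA1.
$hash_whirlpool = ktHash::hash($password, APPLICATION_SECRET, NULL, "whirlpool");

// The outputs are lowercase hex digests, so echoing them into HTML needs no escaping.
echo $hash_1 . "<br />";
echo $hash_2 . "<br />";
echo $verified_YES_1 . "<br />";
echo $verified_YES_2 . "<br />";
echo $verified_NO . "<br />";
echo $hash_whirlpool . "<br />";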
/**
* Result (the two SHA1 hashes differ only because of the random salt; note that
* each output is exactly the length of the unsalted digest -- 40 hex chars for
* SHA1, 128 for Whirlpool -- so the salt characters appear to occupy digest
* positions rather than extend the string, i.e. the effective digest is shorter
* than the algorithm's nominal output):
*
* 3a2d2532b06d7a94f37b15c1cbf50b89f4e78fc7
* e810428e1d66af5243a9ef62ac6cc095ac2f5622
* YES
* YES
* NO
* dd610019e7a794276df956f6a2b168c26ffb71ca967ca9e70476331e21dc109fa822af50085e8af71ef4a3fb37d42aacee55f23461db83101e5d54840a85beba
*/