PHP
downloads | documentation | faq | getting help | mailing lists | wiki | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

OpenSSL> <Fonctions Mhash
Last updated: Fri, 14 Nov 2008

view this page in

mhash

(PHP 4, PHP 5)

mhashCalcule un hash

Description

string mhash ( int $hash , string $data [, string $key ] )

mhash() applique la fonction de hash hash aux données data .

Liste de paramètres

hash

L'identifiant du hash. Une parmi les constantes MHASH_XXX.

data

L'entrée utilisateur, sous la forme d'une chaîne de caractères.

key

Spécifié, la fonction retournera le HMAC résultant. HMAC est un hash indexé utilisé pour l'identification de message, ou bien un simple rapport de message, suivant la clé spécifiée. Certains algorithmes supportés dans mhash ne sont pas compatibles avec le mode HMAC.

Valeurs de retour

Retourne le hash résultant (appelé aussi "digest") ou HMAC, sous la forme d'une chaîne de caractères ou FALSE si une erreur survient.



OpenSSL> <Fonctions Mhash
Last updated: Fri, 14 Nov 2008
 
add a note add a note User Contributed Notes
mhash
numien(at)deathwyrm(dot)com
31-Jan-2007 02:21
---Quote---
pack("H*", md5($str)) == mhash(MHASH_MD5, $str)
pack("H*", sha1($str)) == mhash(MHASH_SHA1, $str)
---/Quote---

That's an awfully inefficient way of doing things. You can just put ", true" after md5 or sha1 to get binary output instead of having it convert it to hex then back.

Easier way:
md5($str, true) == mhash(MHASH_MD5, $str)
sha1($str, true) == mhash(MHASH_SHA1, $str)
marcel446 at yahoo dot com
06-Jun-2005 01:15
Just in case you did not observe, the function of Lance is independent of hash fuction used to get HMAC , so if one use sha1() function from php instead md5() will get sha1 HMAC.
Just try .
Thanks again Lance
robbie [at] averill [dot] co [dot] nz
19-Mar-2005 02:17
This confused me a bit when I first read the documetation for mhash. The functions that accept a hash accept them as an INTEGER not a STRING. In this case, MHASH_MD5 = 1. It is a constant, not a string.

Just thought I'd point that out, so if anyone is confused they can read that. That's the use of mhash_get_hash_name(). You input the constant (which is an integer) and it returns the hash name.
fernan at ispwest dot com
02-Nov-2004 09:03
Thanks a lot to Lance for showing how to create mhash without installing the perl extension for mhash.

I have been asking my webhosting administrator to recompile Perl with mhash extension, but do not want to do it. As a result, our company can't get credit card authorization because they require fingerprint which uses the function mhash. Now, it's working fine.

Thanks a lot, Lance.....

Fernan
jerry d0t wilborn at fast d0t net
02-Jul-2004 06:36
in responce to lance's post:

the function comes back with a hex representation of the hmac, if you wish to convert to what mhash returns natively (binary) use:  pack("H*", hmac(variables...));
lance_rushing at hot* spamfree *mail dot com
10-Jul-2003 02:02
Don't forget php has two built in hashing algorithms:

md5(), and sha1()

So if you are using: mhash(MHASH_MD5, $str) or mhash(MHASH_SHA1, $str) you could use md5($str) or sha1($str).

** But remember that md5() and sha1() produce HEX output while mhash() produces a BIN output.  So:

md5($str) == bin2hex(mhash(MHASH_MD5, $str))
sha1($str) == bin2hex(mhash(MHASH_SHA1, $str))

AND

pack("H*", md5($str)) == mhash(MHASH_MD5, $str)
pack("H*", sha1($str)) == mhash(MHASH_SHA1, $str)

(Just remember to pack() or bin2hex() your output to get the output you need)

-Lance
lance_rushing at hot* spamfree *mail dot com
28-Nov-2002 05:36
Want to Create a md5 HMAC, but don't have hmash installed?

Use this:

function hmac ($key, $data)
{
    // RFC 2104 HMAC implementation for php.
    // Creates an md5 HMAC.
    // Eliminates the need to install mhash to compute a HMAC
    // Hacked by Lance Rushing

    $b = 64; // byte length for md5
    if (strlen($key) > $b) {
        $key = pack("H*",md5($key));
    }
    $key  = str_pad($key, $b, chr(0x00));
    $ipad = str_pad('', $b, chr(0x36));
    $opad = str_pad('', $b, chr(0x5c));
    $k_ipad = $key ^ $ipad ;
    $k_opad = $key ^ $opad;

    return md5($k_opad  . pack("H*",md5($k_ipad . $data)));
}

-----
To test:
Run this on a server _with_ mhash installed:

$key = 'Jefe';
$data = "what do ya want for nothing?";
echo hmac($key, $data);
echo "&lt;br&gt;\n";
echo bin2hex (mhash(MHASH_MD5, $data, $key));

should produce:

750c783e6ab0b503eaa86e310a5db738
750c783e6ab0b503eaa86e310a5db738

Happy hashing.
shimon_d at hotmail dot com
22-Aug-2002 09:05
password security:
when you hash passwords to save them in cookie , url ,etc' my sugsession is to hash them with date
becouse of evry body can view server log or any other loged info and reuse the hash

ie.: to re call a url eg. admin.php?user=root&passhash=5rft346tert
in this example the password keepped in secret but what stopping me to reuse the url

hash("secret") // bad security
hash("secret".date("Ymg")) // better security
// the hash good only for today
luc at 2113 dot ch
28-Dec-2001 02:42
Netscape messaging / directory server 4+ uses SHA-1
to store password in the ldap database (slapd).
The password is first SHA-1 hashed then base64 encoded:

$pwd = "secret";
$hash = "{SHA}".base64_encode( mHash(MHASH_SHA1, $pwd));
echo "Hash: ". $hash ;
paulj at 5emedia dot net
06-Dec-2001 07:02
Many digest algorithms (especially MD5) are less secure if you are hashing data that is smaller than the algorithm's output.  I recommend either hashing a secret key/salt with the original data to increase it's security.
02-May-2001 10:02
Using RedHat 7.1, after compile/install, I had to add the line

/usr/local/lib

to /etc/ld.so.conf and run ldconfig to make this work.
add a note add a note

OpenSSL> <Fonctions Mhash
Last updated: Fri, 14 Nov 2008
 
 
show source | credits | sitemap | contact | advertising | mirror sites