Hi there

I would like to know how to use SHA-256 to hash my passwords
It mhash the only function that can do it?

mhash(MHASH_SHA256,$string);

When I use mhash(), I get a string with weird caracters like "�[#�8��10�7"�0*"�;���fӏU۶�" instead of something like "5b5cdff61cdb68ed059e39b3f9c82588"

Is it normal?
thanks for your help

    You could use [man]bin2hex/man with the output of mhash(). As for another possible function, [man]hash/man might be available.

      thanks you, and concerning the output of mhash(MHASH_SHA256,$string)
      is it normal to get a string with some weird caracters? what would be the standard output? I don't know if the result I get with the function is correct

        In this case it is probably normal. The output you get is in binary, so you need to convert it into a more human readable form.

          so is there a php function to convert from binary to an alphanumeric string?

            bin2hex() worked, did it not? [man]base64_encode/man would be another option, but you are probably more familiar with hex strings.

              I didn't try bin2hex as I have to keep working with mhash, any idea?

                I didn't try bin2hex as I have to keep working with mhash, any idea?

                That is the point:

                echo bin2hex(mhash(MHASH_SHA256, $string));

                  it works , thanks 🙂
                  can you confirm the string that is returned with bin2hex is a unique hash string of the input?
                  would you recommand to store in the database the bin2hex string instead of the mhash string, for example if I you would have to use it for unique email validation link

                    can you confirm the string that is returned with bin2hex is a unique hash string of the input?

                    No, you have no guarantee that there will be no hash collisions. However, such collisions are rather unlikely so you can ignore them. If you want to be safe, record them in the database with the UNIQUE constraint.

                    would you recommand to store in the database the bin2hex string instead of the mhash string, for example if I you would have to use it for unique email validation link

                    Yes as you can then store it in a CHAR(64) field instead of a BLOB, and it saves on having to use bin2hex() again.

                      laserlight, thank you for your help and your very clear answers

                        You're welcome 🙂
                        Remember to mark this thread resolved using the Thread Tools.

                          Hi again

                          I just learned that as of PHP 5.3.0 mhash is obsoleted by Hash.
                          Would you then recommand to always use Hash() instead of mhash()?

                            If you can use hash(), you might as well use it since you would not need to use bin2hex() with it.

                              laserlight wrote:

                              If you can use hash(), you might as well use it since you would not need to use bin2hex() with it.

                              that's what I thought, thanks for your help

                                Write a Reply...