Hashing data involves a one-way process of converting a string of variable length into a fixed length string of data. This has many uses such as creating hashing tables to speed up the process of retrieving data from structures or databases. Web developers commonly use hashing for cryptography as a method of securing data stored in a database.
Let's suppose you want to create a user account system for a web application, a common scenario where you would need to store users usernames and passwords. If the database was hacked the attacker would have access to all the users passwords if the data was stored unencrypted. Alternatively the users password could be hashed during the registration process and stored in the database using the hash. Each time the user logs in to your application, the password is hashed again and compared to the original registration hash to authenticate them. This means should an attacker gain access to your database, they won't immediately have any passwords that they could use.
Hashing your data for cryptography doesn't make it unbreakable - there are various techniques for cracking data stored as a hash. Most of these techniques involves some form of 'brute force' technique where the the attacker will hash various strings of data to find a match and thus reveal the password. This type of attack can be prevented by adding a 'salt' to your password hash. A salt is a random string appended or prepended to the password before it is hashed, the benefit being that hashing the same password will be different every time, here's an example:
Password='test', Salt='abc123' Hash='26796f8f5f0ebb4af3b9cb3fb3327a6c73e797d7' Password='test', Salt='cde456' Hash='686331bf9399fc8ab45e78bfc40c2da9c142ca1d' Password='test', Salt=' ' Hash='a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'
So if an attacker tried to hash 'test', they'd get a different result from the salted version stored in your database. You could take this a step further and use two salts, one of which is stored in the database unique to each user, and another stored in the PHP code to further protect your users' data.
The coveloping hash generator is easy to use - simply choose the hashing algorithm you wish to use, enter the string you want to hash, set a salt if you want to use one and then click hash to retrieve the hashed string.
Sha1, Md5 and Sha256 were once commonly used for password encryption though PHP's 'crypt' function is now recommended as the fore-mentioned were created for computational speed over security. The coveloping hash generator allows you to convert to any hash available in PHP's hash function.
The hash generator allows you to choose from the following has hashing algorithms:
In addition to setting your hashing algorithm you can also apply a salt to use for improved security.
Join Coveloping membership from $4.99 a month and get your first month free, cancel at any time