Secure Your PHP Code with the Simple and Flexible evp_hash() Function

uriByuri

In many applications, it is important to hash input values for security or data integrity purposes. Hashing is a process that takes an input value and produces a fixed-size output value, known as a hash. Hash functions are commonly used to store passwords, validate data integrity, and generate unique identifiers.

In PHP, the hash() function can be used to compute the hash of an input value using a variety of hashing algorithms, such as SHA-1, SHA-256, MD5, and FNV-1a. However, using the hash() function directly can be cumbersome and error-prone, especially if you need to hash values frequently in your code.

To simplify the process of hashing input values in PHP, you can define a custom function that encapsulates the hash() function and provides a simple interface for computing hashes. In this post, we’ll introduce a simple PHP function called evp_hash() that can be used to hash input values using a specified algorithm.

The evp_hash() Function

The evp_hash() function is a simple PHP function that takes an input value and an optional algorithm name as arguments, and returns the hash of the input value as a string. Here’s the function signature:

/**
 * Calculates the hash of the input value using the specified algorithm.
 *
 * @param mixed $val The input value to hash.
 * @param string $algo The hashing algorithm to use (default: 'fnv1a32').
 * @return string The hash value as a string.
 */
function evp_hash( $val, $algo = 'fnv1a32' ): string
{
    return hash( $algo, $val );
}

The evp_hash() function takes two arguments:

  • $val: The input value to be hashed. This can be a string, an integer, or any other scalar or non-scalar value that can be converted to a string.
  • $algo: The name of the hashing algorithm to use. This is an optional argument that defaults to ‘fnv1a32’, which is a non-cryptographic hash algorithm that produces a 32-bit hash value.

The evp_hash() function uses the hash() function to compute the hash of the input value using the specified algorithm (or the default ‘fnv1a32’ algorithm if no algorithm is specified). The resulting hash value is returned as a string.

Using the evp_hash() Function

To use the evp_hash() function in your PHP code, simply call the function and pass the input value as the first argument, and the algorithm name (if different from the default ‘fnv1a32’ algorithm) as the second argument. Here are some examples:

// Hash a string using the default 'fnv1a32' algorithm
$hash = evp_hash( 'Hello, world!' );
echo $hash;  // Output: ed90f094

// Hash an integer using the default 'fnv1a32' algorithm
$hash = evp_hash( 12345 );
echo $hash;  // Output: 43c2c0d8

// Hash a string using the SHA-256 algorithm
$hash = evp_hash( 'Hello, world!', 'sha256' );
echo $hash;  // Output: 315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3

In the above examples, we use the evp_hash() function to compute the hash of various input values using different hashing algorithms. Note that the output hash values are different for each input value and algorithm combination.

Conclusion

The evp_hash() function provides a simple interface for computing the hash of input values using a variety of hashing algorithms in PHP. By encapsulating the hash() function in a custom function, we can simplify the process of hashing input values and reduce the chance of errors in our code.

However, it’s worth noting that the choice of hashing algorithm depends on the specific use case and security requirements of your application. Non-cryptographic hash algorithms like FNV-1a are suitable for some applications, but may not provide sufficient security for others. It’s important to choose a hashing algorithm that is appropriate for your use case and implement proper security measures to protect your data.