Digital signatures can, in turn, be
used to uniquely identify the sending party. MD5 is considered to be a one-way hashing
algorithm, which means there is no way to dehash data that has been hashed using
md5(). Its prototype looks like this:
string md5(string str)
The MD5 algorithm can also be used as a password verification system. Because it
is (in theory) extremely difficult to retrieve the original string that has been hashed
using the MD5 algorithm, you could hash a given password using MD5 and then
compare that hashed password against the hash of whatever a user enters to gain
access to restricted information.
For example, assume that your secret password toystore has an MD5 hash of
745e2abd7c52ee1dd7c14ae0d71b9d76. You can store this hashed value on the server
and compare it to the MD5 hash equivalent of the password the user attempts to
enter. Even if an intruder gets hold of the hashed password, it wouldn't make
much difference because that intruder can't return the string to its original format
through conventional means. An example of hashing a string using md5() follows:
<?php
// Hash the string with MD5; the result is a 32-character hexadecimal string.
$val = "secret";
$hash_val = md5($val);
// $hash_val = "5ebe2294ecd0e0f08eab7690d2a6ee69";
?>
Remember that to store a complete hash, you need to set the field length to
32 characters.
The md5() function will satisfy most hashing needs.
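The store-and-compare scheme described above, written out beside PHP's built-in password_hash() and password_verify() functions. This is an added example, not code from the original book; the account names are constructed and PHP 7 or later is assumed.

```php
<?php
// Added example: constructed account data, not from the original text.

// Scheme described above: store md5(password), hash the login attempt,
// and compare the two values.
function md5_verify(string $entered, string $storedHash): bool
{
    // hash_equals() compares in constant time, avoiding a timing side channel.
    return hash_equals($storedHash, md5($entered));
}

// Hardened form: password_hash() adds a random per-password salt and a
// tunable work factor; password_verify() reads both back from the stored
// string and compares safely.
function hardened_verify(string $entered, string $storedHash): bool
{
    return password_verify($entered, $storedHash);
}

// Two constructed accounts that happen to share the password "secret".
$users = ['alice' => 'secret', 'bob' => 'secret'];

$md5Store  = [];
$hardStore = [];
foreach ($users as $name => $password) {
    // Always 32 hexadecimal characters.
    $md5Store[$name] = md5($password);
    // Length depends on the algorithm; the PHP manual suggests a
    // 255-character column so future defaults still fit.
    $hardStore[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Unsalted MD5: equal passwords give equal stored values, so shared
// passwords are visible to anyone who can read the table.
var_dump($md5Store['alice'] === $md5Store['bob']);

// Salted hashes differ even when the passwords are the same.
var_dump($hardStore['alice'] === $hardStore['bob']);

// Both schemes accept the right password and reject a wrong one.
var_dump(md5_verify('secret', $md5Store['alice']));
var_dump(md5_verify('Secret', $md5Store['alice']));
var_dump(hardened_verify('secret', $hardStore['bob']));
var_dump(hardened_verify('Secret', $hardStore['bob']));

// At login, check whether a stored hash should be regenerated because the
// default algorithm or cost has changed since it was created.
var_dump(password_needs_rehash($hardStore['bob'], PASSWORD_DEFAULT));
```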