After getting the hang of the crypt() function it got me wondering what other hashing functions there were so I had a look and dug up two:

  • hash()
  • mcrypt()


I put together this to see what sort of hash they would give out using password as the password (I would hope that no-one would ever use that as a password for a real site):

PHP Code:
<?php

/*
Hashing Functions Testing
*/

$password = 'password';
$salt = str_shuffle('AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz012345678987654321');

// hash (Using sha512)
echo '<p>hash() using sha512</p>';
$password1 = hash_function($password, $salt);
echo "<p>Password: $password1</p>";

// mcrypt (Using rijndael-256)
echo '<p>mcrypt using rijndael-256</p>';
$password1 = mcrypt_function($password, $salt);
echo "<p>Password: $password1</p>";

// crypt (Using sha512)
echo '<p>crypt using sha512</p>';
$password1 = crypt_function($password, $salt);
echo "<p>Password: $password1</p>";

// Runs sha512 5000 times, feeding each digest back in together with the salt
function hash_function($password, $salt) {
    $count = 0;
    while ($count < 5000) {
        $count = $count + 1;
        // Inside double quotes the "." is a literal dot, not concatenation
        $password = hash('sha512', "$password.$salt");
    }
    $final_password = $password;
    return $final_password;
}

// crypt() with a SHA-512 ($6$) salt string: 5000 rounds and a 16-character salt
function crypt_function($password, $salt) {
    $salt = substr($salt, 0, 16);
    $crypt_salt = '$6$rounds=5000$' . $salt . '$';
    $password = crypt($password, $crypt_salt);
    $final_password = $password;
    return $final_password;
}

// Encrypts the password with rijndael-256 in ECB mode, using the first
// 32 characters of the salt as the key; returns raw binary
function mcrypt_function($password, $salt) {
    $salt = substr($salt, 0, 32);
    $td = mcrypt_module_open('rijndael-256', '', 'ecb', '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, $salt, $iv);
    $password = mcrypt_generic($td, $password);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    $final_password = $password;
    return $final_password;
}
?>
Output:

hash() using sha512
Password: 2730720b94c219014ed3e45e0d675d3ab86a7a4aad3a2f654e205af1ca5ea0f7c416b735a65e0d5b186ebadaf2ef06bf68f707a1efd24ea394eea74f8a92c34b
mcrypt using rijndael-256

Password: m vȂޕ/h$Hy"~

crypt using sha512
Password: $6$rounds=5000$K5NFMuw1koxQmA7G$8WuiGFmH7AxI5BmULbAhplz4nxMcz.1eHf6WfQKW4RfLDM2dO8VMOGCkaI1h97HIoYwvOvBYPRJfshHcaO479/
At the moment I'm leaning towards using mcrypt with rijndael-256; reading up on rijndael-256, it appears that realistically it's uncrackable (well, it looks like any hacker would need some ridiculously expensive and powerful hardware). Also, the hash string is shorter so won't take up so much disk space (assuming a site ever gets more than 1,000 members).

What is your preferred function (and algorithm) and why?
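
Added example, not part of the original post and not the poster's code: it contrasts what the mcrypt approach in the post stores with what crypt() stores, and shows how a crypt() hash is checked at login. OpenSSL's aes-256-ecb is an assumed stand-in for mcrypt's rijndael-256 (the mcrypt extension was removed in PHP 7.2), the helper names are hypothetical, and all sample values are constructed.

```php
<?php
// Added example, not the original poster's code. Sample values are constructed.

// Same shape as mcrypt_function() in the post: the "salt" is the cipher key.
// Assumption: OpenSSL aes-256-ecb stands in for mcrypt rijndael-256, because
// ext/mcrypt was removed in PHP 7.2. Any cipher is reversible in the same way.
function encrypt_password(string $password, string $key): string {
    return openssl_encrypt($password, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
}

function decrypt_password(string $stored, string $key): string {
    return openssl_decrypt($stored, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
}

// One-way alternative from the post: crypt() SHA-512, here with a random salt.
function crypt_hash(string $password, int $rounds = 5000): string {
    // 12 random bytes give 16 base64 characters; '+' is not in crypt's alphabet.
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    return crypt($password, '$6$rounds=' . $rounds . '$' . $salt . '$');
}

// The stored string holds algorithm, rounds and salt, so it doubles as the
// salt argument at login; hash_equals() compares in constant time.
function crypt_verify(string $input, string $stored): bool {
    return hash_equals($stored, crypt($input, $stored));
}

$password = 'password';
// Key derived the same way as $salt in the post (first 32 shuffled characters).
$key = substr(str_shuffle('AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz012345678987654321'), 0, 32);

// What a user row would hold with the cipher approach: ciphertext plus its key.
$row = ['secret' => encrypt_password($password, $key), 'salt' => $key];
echo 'cipher output as hex: ', bin2hex($row['secret']), PHP_EOL;
echo 'recovered from row:   ', decrypt_password($row['secret'], $row['salt']), PHP_EOL;

// What the row would hold with crypt(): a printable string with no inverse.
$hash = crypt_hash($password);
echo 'crypt() hash:         ', $hash, PHP_EOL;
echo 'right password:       ', var_export(crypt_verify('password', $hash), true), PHP_EOL;
echo 'wrong password:       ', var_export(crypt_verify('Password', $hash), true), PHP_EOL;
```

The cipher output is raw binary, which is why it has to be hex- or base64-encoded before it can be stored or displayed as text.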