SHA512 hash in php

Hi ,
I looked on Yahoo and Google for SHA512 hash --but Nothing. Does PHP not support SHA512 yet?
Also, once I upgrade to SHA512 (if I can with PHP), what should I modify my database to? Currently my password field is set for “varchar(32) default NULL”, what would be the proper setting for the SHA512 function?
And is this hash is reversible?

And i just heard that MD5 is broken, is this true?
bcoz i dont know either true or not i want to confirm it from other programmers.

Thanks.

With PHP 5 (and by default in 5.1.2 and upwards) there is a SHA512 algorithm implemented in the ‘hash’ function - see: http://uk2.php.net/manual/en/function.hash-algos.php

To use it you’d do:


$hashed = hash('sha512', $data);

Which would result in a 128 character string, so you’d have to modify your database to:


CHAR(128)

Secondly MD5 hasn’t been broken, it’s been proven to have a higher collision rate that previously thought when using specific techniques, but for day to day use for non-essential data and using defacto security standards (e.g. salting, hash combination etc.) then the likelyhood of it being broken is small to extremely small.

To answer your other question:

Hashes are design to not be reversible. If you want something reversible, you need to look into encryption.

cheers

Thanks guys for ur information.

I got th point now.

what is the advantage of SHA512 ?

Last night i test this, it give me the result as 128 char which is too long,
So in my mind it is not possible to guess it, Very hard to find the
actual word.

If you are having trouble sleeping, read http://en.wikipedia.org/wiki/SHA-1

otherwise it is basically a hash algorithm with a higher block(bits) rate that makes it practically impossible to break. It returns a 128 character string which mmarif4u found to be a bit too long.

Generally speaking I agree with Harry, for general usage stivk to md5 or similar.

thanks Spikez fro comments, I doesnot mean that its too long but it is long
compare to md5.

Myself i am using still md5 which is the best chioce still.

Personally I still use MD1. It only produces a 2 character long string, but that’s still 1296 combinations, certainly more than I have time to list out and I assume other hackers have similarly short attention spans.