Posted by David Norman on 10/10/48 11:08

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I thought some other people would be interested in the other hashes
that you can do with mhash that aren't on the php.net docs after the
recent news that SHA-1 might be weaker than previously thought:

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

The built in constants that the mhash docs have listed are simply
integers that tell mhash what to use. So I found the integers in
mhash's mhash.h:

http://cvs.sourceforge.net/viewcvs.py/mhash/mhash/lib/mhash.h?rev=1.25&view=auto

The following works for alternate hashes in the Win32 PHP 5.0.3
release of libmhash.h. For anyone wanting a step up from SHA-1, SHA256
works.

$hashes = array('CRC32' => 0,
~ 'CRC32B' => 9,
~ 'ADLER32' => 18,
~ 'MD4' => 16,
~ 'MD5' => 1,
~ 'RIPEMD160' => 5,
~ 'SHA1' => 2,
~ 'SHA256' => 17,
~ 'HAVAL128' => 13,
~ 'HAVAL160' => 12,
~ 'HAVAL192' => 11,
~ 'HAVAL224' => 10,
~ 'HAVAL256' => 3,
~ 'TIGER128' => 14,
~ 'TIGER160' => 15,
~ 'TIGER192' => 7,
~ 'GOST' => 8);

foreach($hashes as $name => $number) {
~ echo '<br />';
~ echo $name, ': ', bin2hex(mhash($number, 'this is a test'));
}

or as PHP constants:

$hashes = array('CRC32' => MHASH_CRC32,
~ 'CRC32B' => MHASH_CRC32B,
~ 'ADLER32' => MHASH_ADLER32,
~ 'MD4' => MHASH_MD4,
~ 'MD5' => MHASH_MD5,
~ 'RIPEMD160' => MHASH_RIPEMD160,
~ 'SHA1' => MHASH_SHA1,
~ 'SHA256' => MHASH_SHA256,
~ 'HAVAL128' => MHASH_HAVAL128,
~ 'HAVAL160' => MHASH_HAVAL160,
~ 'HAVAL192' => MHASH_HAVAL192,
~ 'HAVAL224' => MHASH_HAVAL224,
~ 'HAVAL256' => MHASH_HAVAL256,
~ 'TIGER128' => MHASH_TIGER128,
~ 'TIGER160' => MHASH_TIGER160,
~ 'TIGER192' => MHASH_HAVAL192,
~ 'GOST' => MHASH_GOST);
foreach($hashes as $name => $number) {
~ echo '<br />';
~ echo $name, ': ', bin2hex(mhash($number, 'this is a test'));
}

I suspect if you were able to compile a more recent version of mhash,
the following complete list of mhash's hashes would work, including
SHA512 and WHIRLPOOL.

$hashes = array('CRC32' => 0,
~ 'CRC32B' => 9,
~ 'ADLER32' => 18,
~ 'MD2' => 27,
~ 'MD4' => 16,
~ 'MD5' => 1,
~ 'RIPEMD160' => 5,
~ 'RIPEMD128' => 22,
~ 'RIPEMD256' => 23,
~ 'RIPEMD320' => 24,
~ 'SHA1' => 2,
~ 'SHA224' => 19,
~ 'SHA256' => 17,
~ 'SHA384' => 21,
~ 'SHA512' => 20,
~ 'HAVAL128' => 13,
~ 'HAVAL160' => 12,
~ 'HAVAL192' => 11,
~ 'HAVAL224' => 10,
~ 'HAVAL256' => 3,
~ 'TIGER128' => 14,
~ 'TIGER160' => 15,
~ 'TIGER192' => 7,
~ 'GOST' => 8,
~ 'WHIRLPOOL' => 21,
~ 'SNEFRU128' => 25,
~ 'SNEFRU256' => 26);

foreach($hashes as $name => $number) {
~ echo '<br />';
~ echo $name, ': ', bin2hex(mhash($number, 'this is a test'));
}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCEtHtqLBH+DmBuAIRAhN1AJ9YjaYRNP7d1FVp9zLXNDlBAeWvUQCgutlh
7d+AAPjv1Kh3rWiqld654DE=
=dhyN
-----END PGP SIGNATURE-----

• Next in thread: Re: [PHP] other mhash hashes
• Next in forum: Re: [PHP] PHP 5 with Apache 2.0
• Prev in forum: Re: [PHP] Session Vars and Performance
• Thread view: other mhash hashes

[Reply to this message]