Lets face it. MD4 and MD5 are old and compromised. SHA1 even has a few risks associated with it now. The hash() function, with its many algorithms, is a godsend ... but which do you choose? Which do you have? How many characters will the hash take in your database?
Now you know!
This script is a simplistic little thing, sorta, that rates the algorithms present upon your server, extracts any known information (hardcoded into the script unfortunately), and tells you how many characters the HEX code will take for the hash. It even has a handy-dandy (approximate) strength indicator.
HOWEVER! No strong hash will ever secure a terrible password. ' ' hashed will always fall quickly to a brute force assault. So, while the difference in hashes can make good difference in preventing collision attacks, the password length and strength is just as, if not more, important.
1.0 release 2
Speed calculation is done upon a dummy 1MB file.
1.0 release 3
Slight speed increase in regex checking
Footer now states total generation time and hash count
Minor tweaks I have since forgotten...
I wrote this because I was tired of constantly looking things up, doing the math, and figuring it all out every time I want to pick a hash algorithm.
I wouldn't suggest you read this script to learn from me. This time around it's a disorganized mess. It was complex enough to get working without losing track of my variables. That said, it isn't too bad and it (better yet) works.
Oh yeah, and the columns sort themselves when you click on the column header.
Just unzip and upload; navigate to whatever directory you put it in, and load the script.
Me, of course, for the brunt of the typing and research behind the algorithms.
WildHoney and Salathe, for helping my HORRID command of regex.
Err... didn't know it needed one. This'n is simple. Maybe BSD? PM for commercial use permission, please.
__________________ Programmers are in a race with the Universe to create bigger and better idiot-proof programs, while the Universe is trying to create bigger and better idiots. So far the Universe is winning. - Rich Cook
Last edited by RobertK : 01-09-2008 at 02:51 PM.
Reason: Updated; hash speed now calculated