PHL, the PHP Hash Library, is an object oriented set of classes designed to encapsulate enumeration of the hashes in a given build of mhash. It loads information that has been aggregated into an XML file and tests the hash speed of the algorithms. Currently most algorithms in mhash distributions are ranked and rated in accordance with the known information. Even when a hash is unknown the script makes its best attempt to extract what it can.
Currently, there is detailed information within the XML datafile on 38 different hashes.
To abstract information about hashing algorithms present on a server, to rank by approximated fitness, and to allow the end-user (webmaster) to select which hash they desire for security. Serves to permit selection of secure, fast, hashes and dynamically set the character length of the database password, session, and any other hashed fields.
To allow easy, simplistic access to this data from installation scripts.
My only request is that: if you make money by using this script in your software please consider sending me a small chunk. No obligation, just a request. Feel free to PM me about it, if you so desire.
Base PHL script
Sample function for fitness color coding
README <-- it isn't there to be ignored!
Documentation, generated by phpDocumentor
Salathe, for the regex pattern that works. (Location documented in source.)
* MANY tweaks to relatavisticStrength() in the test script.
* Full overhaul of the calculateFitness() method, yields better results.
* Test script now shows fatally flawed hashes visibly.
* XML file strength ratings rounded down to plain integers.
* Switched dummy generation to inside getInstance() so unless you
use the phlHashList class there won't be any file generation.
* Classes renamed to 'phl' prefix, HashLib object now 'phl'.
- Throughput is now tested on a 512kb file once for speed comparison, PHP
may have slight performance trouble in hashing with MD2. Hashes are
done once, not three times, and no average or standard deviation are
? Perhaps I should implement a blacklist to ban the slowest hashes,
like MD2. Could extend to ones such as Adler and CRC.
% Documentation with phpDocumentor is relatively complete.
? Maybe make a custom template, the one I've got has bugs that drive
me up the wall. Like a front page with no version info, no author
list, or even copyright notice. Not good.
% Deprecation cleanup.
? Still considering the possibility of a cUrl update method, not likely
Version 1.0 -- the "PHP Hash Library"
* Full rewrite from scratch
* 100% object oriented
* Less procedural generation
? Not sure how to remove the dummy file generation
without loosing efficiency; may use DEFINE instead.
* Processing times averaged over three tests
* Standard deviation is calculated and used to weigh
the algorithm's general fitness.
* All data, save speed (dynamic calculation on end server)
stored in an XML file.
? Support cURL updating of XML database as algorithms
* Full object oriented sorting of items supported
* Singleton-Factory design style
* Rewrite to export significant data to XML
Version 0.1 -- Codename "Uber-Hash"
* Basic features
* 100% procedural
__________________ Programmers are in a race with the Universe to create bigger and better idiot-proof programs, while the Universe is trying to create bigger and better idiots. So far the Universe is winning. - Rich Cook
The Following 3 Users Say Thank You to RobertK For This Useful Post: