hash_final is a PHP function that finalizes an incremental hash and returns the resulting hash value from the hash context. It is usually used together with hash_init and hash_update, which build the hash up step by step. Once hash_final has been called, the context is finalized and the hash value it returned no longer changes.
string hash_final ( resource $context [, bool $raw_output = false ] )
$context: the hash context created by hash_init and fed with data through hash_update.
$raw_output: if true, the raw binary data is returned; if false (the default), a hexadecimal string is returned.
<?php
$data = "Hello World";

// Create a SHA-256 context, feed it the data, then finalize it
$context = hash_init('sha256');
hash_update($context, $data);
$hash = hash_final($context);

echo "Hash value: " . $hash;
?>
Output result:
Hash value: a591a6d40bf420404a011733cfb7b190d62c65bf0bcda01c8007c6f4adf4a0a2
In this example, we use hash_init to initialize a SHA-256 hash context, hash_update to feed data into it, and hash_final to obtain the final hash value.
hash_equals is a PHP function for safely comparing two hash values, and it is a key tool for preventing timing attacks. Without hash_equals, comparing hash values with the == operator may leak timing information, because an ordinary string comparison can take more or less time depending on its inputs (for example, when the string lengths differ). An attacker can exploit this to infer information about the expected value.
hash_equals avoids this by taking the same amount of time whether or not the two strings are equal.
bool hash_equals ( string $known_string , string $user_string )
$known_string: the known hash value (usually a hash value stored in the database).
$user_string: the hash value supplied by the user.
<?php
$stored_hash = "a591a6d40bf420404a011733cfb7b190d62c65bf0bcda01c8007c6f4adf4a0a2";
$user_input = "Hello World";

// Known value first, user-derived value second
if (hash_equals($stored_hash, hash('sha256', $user_input))) {
    echo "The hashes match.";
} else {
    echo "The hashes do not match.";
}
?>
Output result:
The hashes match.
In this example, hash_equals is used to safely compare the stored hash value with the hash of the user input. If the two hashes are equal, the input is correct.
Usually, hash_final and hash_equals are used together so that hash values are both calculated and compared safely. For example, when handling password verification, we first use hash_final to compute the hash of the password entered by the user, and then use hash_equals to safely compare it with the hash value stored in the database.
<?php
// The password submitted by the user
$user_input_password = "user_password123";

// Password hash stored in the database (computed inline here for the example)
$stored_password_hash = hash('sha256', 'user_password123');

// Use hash_init / hash_update / hash_final to hash the input password
$context = hash_init('sha256');
hash_update($context, $user_input_password);
$user_input_hash = hash_final($context);

// Use hash_equals to safely compare the two hash values
if (hash_equals($stored_password_hash, $user_input_hash)) {
    echo "Password is correct.";
} else {
    echo "Password is incorrect.";
}
?>
Output result:
Password is correct.
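In this example, we use hash_final to calculate the hash value of the password entered by the user, and then compare it with the stored hash value via hash_equals. This keeps the hash comparison safe and prevents possible timing attacks. Note that a single unsalted SHA-256 pass is fast to brute-force; for real password storage PHP provides password_hash() and password_verify(), which handle salting, a slow algorithm and the safe comparison for you.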
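The same init/update/final pattern is most useful for keyed hashes over data that arrives in pieces, such as checking an HMAC-SHA256 tag on a request body. The following is an added example, not code from the original page; the function names hmac_tag and verify_tag, the key, the message chunks and the candidate tags are all constructed for illustration.

```php
<?php
// Added example: the key, message chunks and tags below are constructed.

// Build an HMAC-SHA256 tag over data that arrives in pieces.
function hmac_tag(iterable $chunks, string $key): string
{
    // HASH_HMAC turns the incremental context into a keyed hash.
    $context = hash_init('sha256', HASH_HMAC, $key);
    foreach ($chunks as $chunk) {
        hash_update($context, $chunk);
    }
    // hash_final() finalizes the context; it cannot be updated afterwards.
    return hash_final($context);
}

// Return true only if the supplied tag matches the tag we compute ourselves.
function verify_tag(iterable $chunks, string $key, $suppliedTag): bool
{
    // hash_equals() requires two strings, so reject anything else up front
    // (a request parameter can arrive as an array instead of a string).
    if (!is_string($suppliedTag)) {
        return false;
    }
    // Trusted, server-computed value first; untrusted value second.
    return hash_equals(hmac_tag($chunks, $key), $suppliedTag);
}

$key    = 'constructed-demo-key';
$chunks = ['{"order":1042,', '"status":"paid"}'];
$valid  = hash_hmac('sha256', implode('', $chunks), $key);

$candidates = [
    'valid tag'     => $valid,
    'forged tag'    => str_repeat('0', 64),
    'truncated tag' => substr($valid, 0, 32),
    'array input'   => ['not', 'a', 'string'],
];

foreach ($candidates as $label => $tag) {
    $result = verify_tag($chunks, $key, $tag) ? 'accepted' : 'rejected';
    printf("%-14s %s\n", $label . ':', $result);
}
```

Because hash_final returns lowercase hexadecimal, a tag supplied in uppercase is rejected unless it is normalized before the comparison.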