PHP Encryption Methods: MD5, crypt, sha1, URL Encoding, Base64, hash, and Password Hashing API
This article explains PHP's various encryption techniques—including one‑way hashes (MD5, sha1, hash, crypt), reversible encodings (URL encoding, Base64), and the modern Password Hashing API—providing usage examples, code snippets, and best‑practice recommendations for secure password handling.
PHP encryption methods are divided into one‑way hash, symmetric, and asymmetric encryption. Common one‑way hashes such as MD5, hash, crypt, and sha1 are irreversible; URL encoding and Base64 are reversible symmetric methods; asymmetric encryption uses different keys for encryption and decryption and offers the highest security.
MD5 Encryption
The MD5 algorithm is the most common hash function in PHP, producing a 128‑bit fingerprint that cannot be reversed, typically used to protect passwords and other sensitive data.
<?php
// a sample string
$str = "this is string";
// MD5 hash (default 32‑character hex string)
$res = md5($str);
// MD5 raw binary (16‑byte) output
$res = md5($str, true);
?>crypt() Encryption
The crypt() function performs a one‑way hash using a salt value; if no salt is provided, a random MD5‑based salt is generated. Behavior may vary across operating systems.
<?php
$str = "this is string";
// hash without explicit salt (randomly generated)
$res = crypt($str);
// hash with a two‑character salt (e.g., "jm")
$res = crypt($str, 'jm');
?>sha1 Encryption
Like MD5, sha1() generates an irreversible 160‑bit hash. It accepts an optional boolean to return raw binary output.
<?php
$str = "this is string";
$res = sha1($str); // 40‑character hex string
$res = sha1($str, true); // raw 20‑byte binary string
?>URL Encoding
URL encoding (via urlencode() and urldecode() ) provides a reversible way to encode query strings, useful for transmitting data safely in URLs, though it does not offer true cryptographic security.
<?php
$str = "http://www.example.com?name=foo☎=112";
$res = urlencode($str); // encode
$result = urldecode($res); // decode
?>Base64 Encoding
Base64 converts binary data to an ASCII string, facilitating safe transmission of files (e.g., images) over text‑based protocols. It is not a security mechanism.
base64_encode($data);base64_decode($data);hash Encryption
The hash() function produces a one‑way hash of a given string using a specified algorithm, returning a fixed‑length string.
hash($algorithm, $data);Password Hashing API
Introduced in PHP 5.5, the Password Hashing API provides a simple, secure way to hash passwords using functions such as password_hash() , password_verify() , password_needs_rehash() , and password_get_info() . It defaults to Bcrypt (via PASSWORD_DEFAULT ) and handles salt generation automatically.
<?php
$hash = password_hash($password, PASSWORD_DEFAULT);
if (password_verify($password, $hash)) {
// Password is correct
} else {
// Invalid password
}
// Rehash if algorithm parameters change
if (password_needs_rehash($hash, PASSWORD_DEFAULT, ['cost' => 12])) {
$hash = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
// Store the new hash
}
?>When using PASSWORD_DEFAULT , ensure the password column can store at least 60 characters; alternatively, PASSWORD_BCRYPT always produces a 60‑character hash.
Laravel Tech Community
Specializing in Laravel development, we continuously publish fresh content and grow alongside the elegant, stable Laravel framework.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.