What is PHP md5() Function?
Hash or hashing is a mathematical process that converts a variable size data to a fixed length string. The md5() function creates a md5 hash of a string.
How does PHP md5() Function Works?
The function uses RSA Data Security, Inc. MD5 Message-Digest Algorithm. Conceptually, the function follows the following steps to compute the hash-
- It converts the input string to bytes.
- Then, it is broken into 512-bit blocks
- The function uses four 32-bit registers, labeled A, B, C, and D, to hold the intermediate and final hash value.
- Each block goes through 64 rounds of operations (XOR, AND, OR, and NOT).
- Finally, concatenating all four registers to form the final hash.
Syntax:
md5(string, binary)
Parameters:
The Function has 1 required parameter and 1 optional parameter-
string (Required): It specifies the string to be hashed.
binary (Optional): It specifies a Boolean value-
- TRUE – If it is TRUE, the function returns a 16 byte raw binary format of the md5 hash.
- FALSE (default) – If it is FALSE, the function returns a 32 character long hexadecimal number of the md5 hash.
Return Values:
The function returns-
- md5 hash of a string on success or
- FALSE on failure.
Examples:
Example 1:
<?php
$string = "Hi";
$hash = md5($string);
echo "MD5 hash of \"$string\" is: $hash and its length is: " . strlen($hash);
echo "<br />";
$string = "Hi";
$hash = md5($string);
echo "MD5 hash of an empty string is: $hash and still its length is: " . strlen($hash);
?>
Output:
MD5 hash of "Hi" is: c1a5298f939e87e8f962a5edfc206918 and its length is: 32
MD5 hash of an empty string is: c1a5298f939e87e8f962a5edfc206918 and still its length is: 32
Example 2:
<?php
$string = "Hi";
$hash = md5($string, true);
echo "Raw binary format of the MD5 hash of \"$string\" is: $hash and its length is: " . strlen($hash);
?>
Output:
Raw binary format of the MD5 hash of "Hi" is: ��)������b��� iand its length is: 16
Example 3: Comparing a string and its hash-
<?php
$string = "Hi";
$savedHash = "c1a5298f939e87e8f962a5edfc206918"; // md5 hash of "hi".
if (md5($string) === $savedHash){
echo "Hash matched. The string & the hash are same.";
} else {
echo "Hash not matched. The string & the hash are not same.";
}
?>
Output:
Hash matched. The string & the hash are same.
Note on md5() Function:
It is a one-way operation. You cannot “decrypt” a SHA-1 hash back into the original string.
Practical Usages of md5() Function:
- This function is used to check integrity of a file (to know whether the file has been changed or not).
- It can also be used to verify data. But, keep in mind that it doesn’t ensure security of the data.
- This function can also be used for generating unique identifiers.
Caution:
This function is not recommended to use for password security as from two different inputs, the function can create same hash). When using this function for password generation, add salt to the input string, then run it through the function (still not recommended for secure password). A salt is a random, value. See the example below-
<?php
$password = "123456";
$timestamp = time();
$string = $password . $timestamp;
$hash = md5($string);
echo "md5 hash is: $hash";
?>
Output:
Hash matched. The string & the hash are same.
To generate secure passwords, use these functions instead – password_hash() and password_verify(). These functions use Bcrypt or Argon2 which are much more secure.
PHP Version Support:
PHP 4, PHP 5, PHP 7, PHP 8
Summary: PHP md5() Function
md5() function is one of the built-in string functions in PHP. It is a fast and insecure function. Use this function to create 32-character long hexadecimal of a string.