PHP sha1() Function

What is PHP sha1() Function?

Hashing is a mathematical process that converts variable-size data into a fixed-length string. To calculate the SHA-1 (Secure Hash Algorithm 1) hash of a string, use the PHP sha1() function. The resulting hash is either a 40-character hexadecimal value or a 20-byte raw binary string.

How Does the PHP sha1() Function Work?

Conceptually, the function takes the following steps to compute the hash-

  • It converts the input string into binary data (ASCII/bytes).
  • It pads the data with a 1 and then 0s, and then breaks it into 512-bit blocks (SHA-1 must work on 512-bit blocks).
  • It initializes the hash value with 5 fixed constants – H0, H1, H2, H3, H4.
  • Each block goes through 80 rounds of operations (AND, OR, XOR and ROTATE).
  • Finally, it concatenates all five registers to form the final hash.

Syntax:

sha1(string, binary)

Parameters:

The function has 1 required parameter and 1 optional parameter-

string (Required): It specifies the string to be hashed.

binary (Optional): It specifies a Boolean value-

  • TRUE – If it is TRUE, the function returns a 20-byte raw binary format string.
  • FALSE (default) – If it is FALSE, the function returns a 40-character long hexadecimal string.

Return Values:

The function returns-

  • sha1 hash of a string on success or
  • FALSE on failure.

Examples:

Example 1:

<?php
// Hash a non-empty string.
$string = "Hi";
$hash = sha1($string);
echo "sha1 hash of \"$string\" is: $hash and its length is: " . strlen($hash);
echo "<br />";
// Hash an empty string: the digest is still 40 hexadecimal characters long.
$string = "";
$hash = sha1($string);
echo "sha1 hash of an empty string is: $hash and still its length is: " . strlen($hash);
?>

Output:

sha1 hash of "Hi" is: 94dd9e08c129c785f7f256e82fbe0a30e6d1ae40 and its length is: 40
sha1 hash of an empty string is: da39a3ee5e6b4b0d3255bfef95601890afd80709 and still its length is: 40

Example 2:

<?php
$string = "Hi";
$hash = sha1($string, true);
echo "Raw binary format of the sha1 hash of \"$string\" is: $hash and its length is: " . strlen($hash);
?>

Output:

Raw binary format of the sha1 hash of "Hi" is: �ݞ �)Dž��V�/� 0�Ѯ@ and its length is: 20

Example 3: Comparing a string and its hash-

<?php
$string = "Hi";
$savedHash = "94dd9e08c129c785f7f256e82fbe0a30e6d1ae40"; // sha1 hash of "Hi".

// Recompute the hash with sha1() and compare it with the saved value.
if (sha1($string) === $savedHash){
    echo "Hash matched. The string & its sha1 hash are same.";
} else {
    echo "Hash not matched. The string & its sha1 hash are not same.";
}
?>

Output:

Hash matched. The string & its sha1 hash are same.

Note on sha1() Function:

It is a one-way operation. You cannot “decrypt” a SHA-1 hash back into the original string.

Practical Usages of sha1() Function:

  • This function is used to check the integrity of a file (to know whether the file has been changed or not).
  • It can also be used to verify data. But keep in mind that it doesn’t ensure the security of the data.
  • This function can also be used for generating unique identifiers.

Caution:

This function is not recommended for password security, because it can create the same hash from two different inputs. If you do use this function for passwords, add a salt to the input string and then run it through the function (still not recommended for secure passwords). A salt is a random value. See the example below-

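<?php
$password = "password";
// A salt must be random and unique per password. Store it next to the hash,
// because the same salt is needed again when the password is checked.
$salt = bin2hex(random_bytes(16));
$string = $password . $salt;
$hash = sha1($string);
echo "sha1 hash is: $hash";
?>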

Output:

sha1 hash is: aef1ea64bdd603bdb4a9ebdb02bc58d3a4ea5c19

To hash passwords securely, use these functions instead – password_hash() and password_verify(). These functions use Bcrypt or Argon2, which are much more secure.
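
The migration this recommendation implies, as an added example (not code from the original page): a stored salted SHA-1 record is verified once at login and then replaced with a password_hash() value. The `sha1$salt$digest` record layout, the function names and the sample password are assumptions made for this illustration.

```php
<?php
// Assumed legacy layout (constructed for this example): "sha1$<hex salt>$<hex digest>".
// Current records hold the string returned by password_hash().

function makeLegacyRecord(string $password): string
{
    $salt = bin2hex(random_bytes(16));
    return 'sha1$' . $salt . '$' . sha1($salt . $password);
}

function verifyLegacy(string $password, string $record): bool
{
    $parts = explode('$', $record);
    if (count($parts) !== 3 || $parts[0] !== 'sha1') {
        return false;
    }
    // hash_equals() compares in constant time, unlike === on strings.
    return hash_equals($parts[2], sha1($parts[1] . $password));
}

// Returns [bool $ok, ?string $newRecord]. A non-null $newRecord must be
// written back to storage in place of the old record.
function login(string $password, string $record): array
{
    if (strncmp($record, 'sha1$', 5) === 0) {
        if (!verifyLegacy($password, $record)) {
            return [false, null];
        }
        // Correct password on a legacy record: upgrade it now.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $record)) {
        return [false, null];
    }
    // Re-hash when the default algorithm or cost has changed since storage.
    $new = password_needs_rehash($record, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT) : null;
    return [true, $new];
}

// Constructed sample data.
$stored = makeLegacyRecord('correct horse');
[$ok, $upgraded] = login('correct horse', $stored);
var_dump($ok);                                          // legacy record accepted
var_dump(password_verify('correct horse', $upgraded));  // upgraded record verifies
[$bad] = login('wrong', $upgraded);
var_dump($bad);                                         // wrong password rejected
```

The plaintext password is only available at login, which is why the upgrade happens there and not as a batch job over the stored hashes.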

PHP Version Support:

PHP 4 >= 4.3.0, PHP 5, PHP 7, PHP 8

Summary: PHP sha1() Function

The sha1() function is one of the built-in string functions in PHP. It is a fast and insecure function. Use this function to create a 40-character hexadecimal hash of a string.

Reference:

https://www.php.net/manual/en/function.sha1.php