MD5 in PHP [Why? How? Explained]
This tutorial is on using MD5 encryption in PHP.
MD5 is built in to PHP and is only a one way encryption. This means that even if someone was able to gain access to an encrypted md5 string, called an 'MD5 Hash', it is unlikely they would be able to convert the hash back in to the original plain text string.
Decryption in most cryptography languages essentially work by using the reverse algorithm to the encryption algorithm used by the cryptography method in question. But because MD5 Hashes are encryption only (and not decryption), the only way the plain text may be revealed is by 'Cracking' the hash.
Cracking in terms of cracking an MD5 encrypted string (MD5 Hash) is when many plain text strings are encrypted through MD5, then to be compared with the MD5 hash waiting to be cracked. If the two hashes match, it means the plain text that was just encrypted is the plain text of the hash waiting to be cracked.
There are various online crackers for MD5 hashes which have large databases full of plain texts encrypted through MD5, all ready to compare with the one waiting to be cracked. So basically, although MD5 is not 100% safe, it safer than other more convensional cryptography.
It is important that cryptography is not overused in applications or web services because some cryptography can take a large amount of hardware resources overtime. Only encrypt the information needed (such as passwords to MD5).
As mentioned above, passwords should be converted to MD5 as they are highely sensitive information for users to have stored permanently in a members account database for any website.
To encrypt plain text information in PHP, you simply use the 'md5' function built in to PHP by default. This function takes one string, and returns the md5 encrypted hash.
Below is an example of a password variable named 'pass' with the value of 'password', followed by creating another variable named 'cryptedPass' with the value of the encrypted variable 'pass's value of 'password'...
- $pass = 'password';
- $cryptedPass = md5($pass);