2

Which hashing algorithm is used by PHP session.hash_function as default? The following page says that default is md5 "0": http://php.net/manual/en/session.configuration.php#ini.session.hash-function However the hash algo page shows code "0" to be md2. http://php.net/manual/en/function.hash-algos.php

If code "0" on php.ini really corresponds to md5 then what are the codes for other hash algorithms for php.ini ? For example what is the code for sha512?

Improve this question

1 Answer 1

Reset to default
7

If you run print_r(hash_algos()); the follwing array is a more reliable way find which settings is for which algorithm, as stated here

A complete list of supported algorithms can be obtained with the hash_algos() function.

I ran it with the PHP 7.0.5

Array
(
    [0] => md2
    [1] => md4
    [2] => md5
    [3] => sha1
    [4] => sha224
    [5] => sha256
    [6] => sha384
    [7] => sha512
    [8] => ripemd128
    [9] => ripemd160
    [10] => ripemd256
    [11] => ripemd320
    [12] => whirlpool
    [13] => tiger128,3
    [14] => tiger160,3
    [15] => tiger192,3
    [16] => tiger128,4
    [17] => tiger160,4
    [18] => tiger192,4
    [19] => snefru
    [20] => snefru256
    [21] => gost
    [22] => gost-crypto
    [23] => adler32
    [24] => crc32
    [25] => crc32b
    [26] => fnv132
    [27] => fnv1a32
    [28] => fnv164
    [29] => fnv1a64
    [30] => joaat
    [31] => haval128,3
    [32] => haval160,3
    [33] => haval192,3
    [34] => haval224,3
    [35] => haval256,3
    [36] => haval128,4
    [37] => haval160,4
    [38] => haval192,4
    [39] => haval224,4
    [40] => haval256,4
    [41] => haval128,5
    [42] => haval160,5
    [43] => haval192,5
    [44] => haval224,5
    [45] => haval256,5
)

More details:

The function hash_algos returns an array of string. The indexes of the array does not indicate the setting for the ini file. You should use the string, i. e. "sha512" for the ini setting, like session.hash_function = sha512.

As it is written in the docs, to specify a string value is possible since PHP 5.3

Since PHP 5.3.0 it is also possible to specify any of the algorithms provided by the hash extension (if it is available), like sha512 or whirlpool.

To answer your two questions:

  1. What is the default value?

The default value is "0" - as you can see in the offical PHP source code on Github

  1. What other values, despite "0" and "1" are allowed respectively documented?

Well, that's a bit harder to explain, but I try. According to the C implementation for this value, that you can find here. According to the checks inside this function there seem to only be 0 or 1 or other values. The other values seems to be those from the hash_algos() array.

  1. Why is 0=MD5 and 1=SHA1? (you may ask) Because of this enum in C

    enum { PS_HASH_FUNC_MD5, PS_HASH_FUNC_SHA1, PS_HASH_FUNC_OTHER };

Frankly speeking you can put (kind of array-)indexes before which then results in

0 => PS_HASH_FUNC_MD5,
1 => PS_HASH_FUNC_SHA1,
... PS_HASH_FUNC_OTHER
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

I downvoted your answer because it doesn't answer the question. The php.ini says code "0" is md5 yet all versions of php show code 0 to be md2 when using print_r(hash_algos());. So looks like php.ini uses different codes than hash algo codes. If so then what are the codes for php.ini.
@Jimski updated my answer with more details. Hopefully that makes things clearer.
@Jimski Edited again, hope it answers your question
@Jimski Thanks a lot! Good we came to the same conclusion, even if it took some time ;)
"Note: This setting was introduced in PHP 5. Removed in PHP 7.1.0. "
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.