Hashing Algorithm usage

MD5 has been totally deprecated for usage when collisions may be an issue - we should migrate to SHA-1 going forward. SHA-1 isn't the best choice either - it's relatively performance hungry since it is designed to be cryptographically secure. Something like Murmurhash3 would be much more desirable (and it is 128-bits). But SHA-1 is the best choice of the built-in PHP hash algorithms.
horde · Oct 28, 2013 · a8f5392 · a8f5392
1 parent 0dc52d0
commit a8f5392
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/horde/docs/CODING_STANDARDS b/horde/docs/CODING_STANDARDS
@@ -869,3 +869,18 @@ fread() to get the stream data::
     while (!feof($stream)) {
         echo fread($stream, 8192);
     }
+
+
+Hashing Algorithm
+=================
+
+SHA-1
+-----
+SHA-1 is the recommended algorithm to use for non-cryptographic hashing
+actions::
+
+    $hash = hash('sha1', $string);
+
+MD5 should NOT be used, as it has known collision issues. (NOTE: SHA-1 hashes
+are 160-bit vs. MD5 hashes which are 128-bit; care needs to be taken if
+switching between methods regarding storage side of the hash string).