What is a hashing function? A hashing function is a function that takes arbitrary input, and returns output with a uniform size (oversimplification, I know). What does this mean? Here's my hashing function:
// Toy hash: the output depends only on the first character of the input.
function myHash($input) {
    return $input[0] === 'A' ? "1" : "0";
}
This hash function accepts any sort of string input, and returns an output of a uniform size. Either 0 or 1.
That's not a very good hashing function. It's too easy to find collisions (in fact, "0" would be the output of nearly every string you fit in there).
So what does double hashing do?
md5(myHash($something)); // What will this do?
Well, there are only two possible outcomes: either it's the MD5 of "0" or it's the MD5 of "1". So the same problem exists: there are too few possible options. So hashing the result of a hash with a different hash function doesn't help with getting things more secure. md5 alone would have been much more secure than combining md5 with myHash.
Given all that, password_hash() provides a much better hashing algorithm than md5(), and by doubling the hash, you removed a lot of the "betterness".
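The effect described above, measured in an added example that is not part of the original answer: the outer hash can never produce more distinct values than the inner one, and a stored password_hash() of an inner hash accepts every input that collides in the inner hash. The sample inputs are constructed, distinctOutputs is a helper name introduced here, and myHash carries an added empty-string guard.

```php
<?php
// Added example, not code from the original answer.

// The toy hash from the answer (with an empty-string guard added):
// only two possible outputs, "0" or "1".
function myHash(string $input): string {
    return ($input !== '' && $input[0] === 'A') ? "1" : "0";
}

// Hypothetical helper: how many distinct outputs does $hash produce
// over the given inputs?
function distinctOutputs(callable $hash, array $inputs): int {
    return count(array_unique(array_map($hash, $inputs)));
}

// Constructed sample inputs, all different from each other.
$inputs = ['Alice', 'Apple', 'bob', 'carol', 'hunter2', 'correct horse'];

// The double hash from the answer.
$double = fn(string $s): string => md5(myHash($s));

printf("md5 alone:        %d distinct outputs\n", distinctOutputs('md5', $inputs));
printf("myHash alone:     %d distinct outputs\n", distinctOutputs('myHash', $inputs));
printf("md5(myHash(...)): %d distinct outputs\n", distinctOutputs($double, $inputs));

// The same loss applies to password_hash(): the stored value only protects
// the inner hash's output, so verification is decided by myHash alone.
$stored = password_hash(myHash('hunter2'), PASSWORD_DEFAULT);

echo "password_hash(myHash(...)), correct password:   ";
var_dump(password_verify(myHash('hunter2'), $stored));

echo "password_hash(myHash(...)), different password: ";
var_dump(password_verify(myHash('bob'), $stored));

// Without the inner hash, the different password is rejected.
$plainStored = password_hash('hunter2', PASSWORD_DEFAULT);

echo "password_hash(...) alone, different password:   ";
var_dump(password_verify('bob', $plainStored));
```

Run it with the PHP CLI (7.4 or later, for the arrow function) and compare the three counts, then the three verification results.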