Skip to content
Create a gist now

Instantly share code, notes, and snippets.

Embed URL


Subversion checkout URL

You can clone with
Download ZIP
Comes from a SO comment
@Josh K: This is a little over-the-top: $hash = sha1(sha1($password) ^ $salt);, $hash = sha1($password.$salt); would work just as well in practice (and faster). Also, the only reason I can think of to sha1(microtime()) is to constrain it to something that can fit in your column, and substr(str(microtime()), 0, 160) would work equally well (and faster), although I doubt microtime() gives a > 160 digit number anyway. Of course, you might be intentionally making it slow (so it would take more time to crack), but the performance should at least be mentioned.
1000 in 0.468002796173 XOR
1000 in 0.465842008591 XOR
1000 in 0.466115951538 XOR
1000 in 0.498080968857 CAT
1000 in 0.506876945496 CAT
1000 in 0.500174045563 CAT
function microtime_float()
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
$start_time = $this->microtime_float();
for($i = 0; $i < 100000; $i++)
// Change . to ^ to test XOR
$sha = sha1(sha1(microtime()) . sha1(microtime()));
$end_time = $this->microtime_float();
error_log("1000 in " . ($end_time-$start_time));
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.