hash_hmac()

(PHP 5 >= 5.1.2, PHP 7, PECL hash >= 1.1)

使用 HMAC 方法生成带有密钥的哈希值

说明

参数

要使用的哈希算法名称，例如："md5"，"sha256"，"haval160,4"等。如何获取受支持的算法清单，请参见hash_hmac_algos()函数。

要进行哈希运算的消息。

使用 HMAC 生成信息摘要时所使用的密钥。

设置为TRUE输出原始二进制数据，设置为FALSE输出小写 16 进制字符串。

返回值

如果$raw_output设置为TRUE，则返回原始二进制数据表示的信息摘要，否则返回 16 进制小写字符串格式表示的信息摘要。如果$algo参数指定的不是受支持的算法，返回FALSE。

更新日志

范例

Example #1hash_hmac()例程

以上例程会输出：

b8e7ae12510bdfb1812e463a7f086122cf37e4f7

参见

• hash() 生成哈希值（消息摘要）
• hash_hmac_algos()Return a list of registered hashing algorithms suitable for hash_hmac
• hash_init() 初始化增量哈希运算上下文
• hash_hmac_file() 使用 HMAC 方法和给定文件的内容生成带密钥的哈希值

Very important notice, if you pass array to $data, php will generate a Warning, return a NULL and continue your application. Which I think is critical vulnerability as this function used to check authorisation typically.
Example:

Of course not documented feature.

Please be careful when comparing hashes. In certain cases, information can be leaked by using a timing attack. It takes advantage of the == operator only comparing until it finds a difference in the two strings. To prevent it, you have two options.
Option 1: hash both hashed strings first - this doesn't stop the timing difference, but it makes the information useless.

Option 2: always compare the whole string. 

As Michael uggests we should take care not to compare the hash using == (or ===). Since PHP version 5.6 we can now use hash_equals().
So the example will be: 

Here is an efficient PBDKF2 implementation:

鹏仔微信 15129739599 鹏仔QQ344225443 鹏仔前端 pjxi.com 共享博客 sharedbk.com