1. sha1 --计算字符串的 sha1 散列值

返回值

返回 sha1 散列值字符串。默认返回值是一个 40 字符长度的十六进制数字。

$str = 'apple';

if (sha1($str) === 'd0be2dc421be4fcd0172e5afceea3970e2f3d940') {

echo "Would you like a green or red apple?";

}

?>

2.md5—计算字符串的 MD5 散列值​​​​​​​

返回值

以 32 字符十六进制数字形式返回散列值。

加盐：

function hash($a) {

$salt=”Random_KUGBJVY”; //定义一个salt值，程序员规定下来的随机字符串

$b=$a.$salt; //把密码和salt连接

$b=md5($b); //执行MD5散列

return $b; //返回散列

}

?>

sha1(md5($pass))

The suggestion to double-hash your password is not a good idea.  You are much much better off adding a variable salt to passwords before hashing (such as the username or other field that is dissimilar for every account).

Double hashing is *worse* security than a regular hash.  What you're actually doing is taking some input $passwd, converting it to a string of exactly 32 characters containing only the characters [0-9][A-F], and then hashing *that*. You have just *greatly* increased the odds of a hash collision (ie. the odds that I can guess a phrase that will hash to the same value as your password).

sha1(md5($pass))makes even less sense, since you're feeding in 128-bits of information to generate a 256-bit hash, so 50% of the resulting data is redundant.  You have not increased security at all.