Assuming that we have salt, which was generated in the database as follows
$salt = time();
What is the difference between these two lines.
$pass1 = hash('sha1', $password . $salt);
$pass2 = hash_hmac('sha1', $password, $salt);
They do not give the same result. The first function hashtakes 2 parameters, and hash_hmac3 parameters. Therefore, you might think that we can get this third additional parameter using $saltseparately (to execute the third parameter), and not concatenate it with the password ( $password . $salt), as in line 2. But this is not so simple, the two results are different. What for? What's going on here?
source
share