I would like to hash a numeric string because I do not want people to know the exact number for various security and other reasons. How about doing it like this?

        $number = X; // get my number from wherever
        $secret     = mt_rand(); // or maybe another randomly generated secret!?
        $hash       = hash_hmac("sha256", $number, $secret); // or maybe another algo!?

So when I want to retrieve the number, I will just compare the hash generated with the hash returned from the app, which is already stored in the database, and I can look up the number by this hash. Would this be unique enough to handle a number larger than 64 characters? And, yes, I am serious. This is for statistical data and it will get huge... huge numbers, most probably more than 64 characters long.

Regards!

lion
  • Let's just say the world is more likely to face an extinction level event because of an asteroid impact than you could get a hash collision with SHA-256: https://stackoverflow.com/questions/4014090/is-it-safe-to-ignore-the-possibility-of-sha-collisions-in-practice – Loek Feb 28 '19 at 11:49
  • I was looking for a straightforward answer like "Yes. It is unique enough because...", but I like the examples given. Thanks! – lion Feb 28 '19 at 12:17
  • Yes, it is unique enough! Haha. I like the example of literally all the hard drives in the world filled to the brim with 1mb file and still only 0.01% chance of a hash collision. Let's just say SHA-256 always generates a unique hash. – Loek Feb 28 '19 at 15:14
  • Thank you! Saves me the hassle to analyse joke examples, though useful, while thinking about lots of other things... – lion Feb 28 '19 at 16:07
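
The lookup scheme described in the question, as an added example that is not part of the original post or its comments. It assumes a hypothetical `lookupToken()` helper, an in-memory array standing in for the database table, and a key from `random_bytes()` swapped in for `mt_rand()`, which the PHP manual says must not be used for cryptographic purposes; the key is generated inline only for the demo and has to be stored and reused for lookups to work.

```php
<?php
declare(strict_types=1);

// Added example. lookupToken() and $table are hypothetical names.
function lookupToken(string $number, string $key): string
{
    // Accept only plain digit strings, so stray whitespace or signs
    // cannot produce a second token for what looks like the same number.
    if (!preg_match('/\A[0-9]+\z/', $number)) {
        throw new InvalidArgumentException('expected a string of digits');
    }
    // HMAC-SHA256 output is always 64 hex characters, whatever the input length.
    return hash_hmac('sha256', $number, $key);
}

// 32 bytes from the OS CSPRNG. Assumption: in a real deployment this is
// generated once and kept outside the database that holds the tokens.
$key = random_bytes(32);

// Constructed sample input: an 80-digit number kept as a string.
$number = str_repeat('1234567890', 8);

// Stand-in for the database table: token => number.
$table = [];
$table[lookupToken($number, $key)] = $number;

// Same key: the token is reproduced and the row is found.
$token = lookupToken($number, $key);
var_dump(strlen($token));
var_dump(isset($table[$token]));

// A fresh secret per call gives a different token, so the lookup misses.
// This is why the secret has to be persisted rather than regenerated.
$otherKey = random_bytes(32);
var_dump(isset($table[lookupToken($number, $otherKey)]));

// Comparing a token returned by the app with a stored one in constant time.
var_dump(hash_equals($token, lookupToken($number, $key)));
```

Anyone who obtains the key can recompute tokens for candidate numbers, so the key needs the same protection as the numbers themselves.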
