Add more description for hash extension

Based on this comment by @cmb69: php#3616 (comment) Related to issue php#3616.
jimwins · Jul 30, 2024 · 5af7150 · 5af7150
1 parent a82f9c5
commit 5af7150
Showing 1 changed file with 48 additions and 2 deletions.
diff --git a/reference/hash/book.xml b/reference/hash/book.xml
@@ -9,8 +9,54 @@
  <preface xml:id="intro.hash">
   &reftitle.intro;
   <para>
-   Message Digest (hash) engine.  Allows direct or incremental processing
-   of arbitrary length messages using a variety of hashing algorithms.
+   This extension provides a functions that can be used for direct or
+   incremental processing of arbitrary length messages using a variety of
+   hashing algorithms, including the generation of HMAC (hash-based message
+   authentication code) values and key derivations including HKDF and PBKDF2.
+  </para>
+  <para>
+   There are roughly three categories of hashing algorithms, and a complete list of
+   algorithms can be found in the documentation for <function>hash_algos</function>.
+
+   <itemizedlist>
+    <listitem>
+     <simpara>
+      Checksum algorithms (such as 'crc32' or 'adler32'):
+      These are used to calculate checksums, useful in situations such as when
+      transmission errors are to be detected. They are often very fast. These
+      algorithms often generate values that are easily "guessable" or can be manipulated
+      to create collisions, so they are entirely unsuitable for cryptographic use.
+     </simpara>
+    </listitem>
+    <listitem>
+     <simpara>
+      Non-cryptographic algorithms (such as 'fvn' or 'murmur'):
+      These are often used to calculate hash values for hash tables, as they are
+      designed to yield a good distribution over arbitrary string inputs. They
+      are also generally fast, but also not suitable for cryptographic use.
+     </simpara>
+    </listitem>
+    <listitem>
+     <simpara>
+      Cryptographic algorithms (such as the MD, SHA, or Blake variants):
+      These are designed to yield hash values that are representative of their
+      inputs but are not guessable nor prone to collisions. Performance is often
+      a secondary concern, but modern hardware often supports special handling
+      for these algorithms that PHP tries to use when available.
+     </simpara>
+     <simpara>
+      Some of the early cryptographic algorithms, such as MD4, MD5, and SHA1, have
+      been proven to prone to collision attacks and it is generally recommended
+      to no longer use these for cryptographic applications.
+     </simpara>
+    </listitem>
+   </itemizedlist>
+  </para>
+
+  <para>
+   See also the <link linkend="faq.passwords">FAQ on Safe Password Hashing</link>
+   for information on best practices for using hash functions in handling
+   passwords.
   </para>
  </preface>
  <!-- }}} -->