I'm in the middle of building a new login/registration class and was going to apply a hashing function to the pw and an activation token, when I came across the hash_hmac function.
I've tried finding out more about it, but info is pretty scarce. Could anybody shine some light on this for me? I gleaned this (leaving out the last parameter for now):
echo hash_hmac('sha256', 'the string to be hashed', 'my_secret_key'); echo hash('sha256', 'the string to be hashed' . 'my_secret_key');
Obviously, I'm not expecting the outputs to be the same, but does the first line have an advantage over the second? The third parameter in line 1 is a key, as opposed to a salt. I've used the string as a salt in line 2. Getting a DVT in my amygdala over this :)
My question's not very clear - is hash_hmac better than hash? Would their uses be different?