In PHP, which functions are commonly used for hashing and encryption of data?

Difficulty: Easy

Correct Answer: PHP provides hashing functions such as md5(), sha1(), and hash(), password hashing functions like password_hash(), and encryption functions based on extensions such as openssl_encrypt() and openssl_decrypt()

Explanation:


Introduction / Context:
Security is a critical aspect of modern web applications, and PHP includes many functions to help with hashing and encryption tasks. Interview questions often probe whether candidates can distinguish between hashing and encryption and whether they know some of the commonly used PHP functions for each. This understanding is essential for handling passwords, tokens, and confidential data properly.


Given Data / Assumptions:

  • Hashing is a one way process that converts data into a fixed length digest.
  • Encryption is a two way process that transforms data into an unreadable form that can be reversed with a key.
  • PHP includes built in functions and extensions for both hashing and encryption.
  • The question asks for examples of these functions, not an exhaustive list.


Concept / Approach:
For hashing general data, PHP offers functions like md5() and sha1(), as well as the more flexible hash() function, which supports many algorithms such as sha256 and others. For secure password storage, newer PHP versions provide password_hash() and password_verify(), which implement strong hashing algorithms and automatic salting. For encryption and decryption, PHP exposes functions through extensions such as OpenSSL, where openssl_encrypt() and openssl_decrypt() can perform symmetric encryption using algorithms like AES when provided with a key and appropriate options.


Step-by-Step Solution:
Step 1: For simple checksums or legacy code, md5($data) and sha1($data) generate fixed length hashes, though they are not recommended for new high security uses.
Step 2: For more flexibility, hash($algo, $data) allows you to choose from many algorithms supported by the underlying system, for example hash("sha256", $data).
Step 3: For password storage, password_hash($password, PASSWORD_DEFAULT) creates a strong hash with a salt, and password_verify($password, $hash) checks user input against that stored hash in a secure way.
Step 4: For encryption that can be reversed, you can use openssl_encrypt($plaintext, $cipher, $key, $options, $iv) and openssl_decrypt($ciphertext, $cipher, $key, $options, $iv), where $cipher might be aes-256-cbc and $iv is an initialisation vector.
Step 5: PHP also has other cryptographic helpers, such as random_bytes() or openssl_random_pseudo_bytes() for generating random values used in keys or tokens.
Step 6: These examples illustrate that PHP includes distinct sets of functions for hashing and encryption, which are captured by option a.


Verification / Alternative check:
You can verify these functions by reading PHP documentation or by writing small scripts that compute hashes or encrypt and decrypt sample strings. For example, hashing the same string with md5() and sha1() will produce different fixed length digests, while using openssl_encrypt() followed by openssl_decrypt() with the same key and parameters will recover the original plaintext, confirming the distinction between one way hashing and reversible encryption.
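
A small script of the kind described above, added here as an illustration and not part of the original answer: it stores and checks a password with password_hash() and password_verify(), then round-trips a message through openssl_encrypt() and openssl_decrypt() using aes-256-cbc with a fresh random IV. The names seal(), unseal(), CIPHER and MAC_LEN are hypothetical, the sample strings and keys are constructed, and the HMAC check is an addition beyond the steps listed above, included because CBC on its own does not detect tampering.

```php
<?php
declare(strict_types=1);

// Password storage (one-way): password_hash() salts automatically, so the
// stored value differs on every call; only password_verify() can check it.
$password = 'correct horse battery staple'; // constructed sample
$stored = password_hash($password, PASSWORD_DEFAULT);
var_dump(password_verify($password, $stored));
var_dump(password_verify('wrong guess', $stored));

// Reversible encryption: AES-256-CBC with a fresh random IV per message.
// CBC alone gives no integrity, so an HMAC over IV + ciphertext is added
// (encrypt-then-MAC) and verified before any decryption is attempted.
const CIPHER = 'aes-256-cbc';
const MAC_LEN = 32; // length of a raw SHA-256 HMAC in bytes

function seal(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . hash_hmac('sha256', $iv . $ct, $macKey, true) . $ct);
}

function unseal(string $sealed, string $encKey, string $macKey): string
{
    $raw = base64_decode($sealed, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + MAC_LEN) {
        throw new RuntimeException('malformed input');
    }
    $iv = substr($raw, 0, $ivLen);
    $mac = substr($raw, $ivLen, MAC_LEN);
    $ct = substr($raw, $ivLen + MAC_LEN);
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$encKey = random_bytes(32); // constructed keys for the demonstration
$macKey = random_bytes(32);
$sealed = seal('constructed sample plaintext', $encKey, $macKey);
var_dump(unseal($sealed, $encKey, $macKey) === 'constructed sample plaintext');
```

The password hash cannot be turned back into the password, while the sealed message is recovered only by a holder of both keys, which is the hashing versus encryption distinction the question tests.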


Why Other Options Are Wrong:
Option b is wrong because print() simply outputs text and does not perform any cryptographic transformation. Option c is incorrect because PHP ships with built in functions for hashing and encryption; it does not rely exclusively on external tools. Option d is wrong because mail() sends email; it is not designed as a security function and does not inherently hide or protect data.


Common Pitfalls:
A common pitfall is using simple hashing functions such as md5() or sha1() directly for password storage without salting or stretching, which is insecure against modern attacks. Another issue is misusing encryption functions without understanding key management, initialisation vectors, or cipher modes, which can lead to weak protection. Best practice is to use password_hash() and password_verify() for passwords and to follow established guidelines when using openssl_encrypt() for other sensitive data. Distinguishing clearly between hashing and encryption and knowing the main PHP functions for each is essential for writing secure code.


Final Answer:
PHP provides hashing functions such as md5(), sha1(), and hash(), secure password hashing via password_hash(), and encryption and decryption functions through extensions such as openssl_encrypt() and openssl_decrypt(), which together cover common hashing and encryption needs in PHP applications.
