I have a key, which can be considered secret. I am passing around a string, I must presume the user is able to tamper it and I want to verify it is not tampered.
I could use something like mcrypt_encrypt store the result, mcrypt_decrypt when reading or I could use $hash = hash('sha256', $key . $string); and store $hash . $string and then verify the hash. The question is a) speed of this -- is there a benchmark comparing the decrypt speed of various crypto algorithm speeds vs a hash b) if I hash several string which all have the same prefix, will that weaken the hash?
