I have a key, which can be considered secret. I am passing around a string, I must presume the user is able to tamper it and I want to verify it is not tampered.
I could use something like mcrypt_encrypt
store the result, mcrypt_decrypt
when reading or I could use $hash = hash('sha256', $key . $string);
and store $hash . $string
and then verify the hash. The question is a) speed of this -- is there a benchmark comparing the decrypt speed of various crypto algorithm speeds vs a hash b) if I hash several string which all have the same prefix, will that weaken the hash?