
I am trying to secure my online transactions a bit more.

The process I am using for online transactions is:

1. User generates order
2. User redirects to bank to pay (i.e. PayPal)
3. Bank (PayPal) contacts a .php page (PayPal IPN) to tell me the order has gone through.
4. User's order has gone through.

In every transaction I generate, I create a sha512 string out of the data. I want to store this in the database, to authenticate the order information when the PayPal IPN contacts me to tell me that the order is complete.

In order to save database space, I recently read this answer and thought maybe it would be good to store the string in a binary column. The question I have is how do I do this with PHP?

So say I have a string:

A99ACAF1FA7337F451C344C84F6800037F17EABBC32073ECEA6688B4BAD116BDB288B0D24DE7DD5C53E26A0B41242B2D2D065EDFDA5C16B4706CD5DC57226580

In PHP, how do I convert that to a binary value so that I can store it in the database? And will it still be unique like the above string? The best I can think to do is the PHP string pack, but I am unsure how to use it. Or whether it's the right way to use it. Normally I would just store the above hash into a VARCHAR(512) but I want to keep database size down, and 512 characters seems like a lot of data.

Chud37

1 Answer

echo hash('sha512', 'hash_string', true);

The third argument is `raw_output`: when set to TRUE, outputs raw binary data. (doc). Since there's a one-to-one correspondence between hexits and their binary value, you don't lose "uniqueness".

The length is always a 64-byte string. But if you write the hash in hexits, then it will be 128 characters, not 512.

Federkun
  • So.. I can take that `raw_output` and write it directly to the database? – Chud37 Mar 29 '16 at 10:10
  • Sure, you can. Just use a `VARBINARY` field if you do that in MySQL – Federkun Mar 29 '16 at 10:23
  • Okay, I'm having problems with PDO, do I need to bind the data in a weird way? Simply adding it into prepared variables doesn't seem to take. – Chud37 Mar 29 '16 at 10:38
  • Not to my knowledge; what's exactly the problem? – Federkun Mar 29 '16 at 10:49
  • This is what I got: `You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`hash` = '½¡³Òÿ?†ƒhwé Ö Å¬p_QOz ´ÞÍx|)¥2E9#iuõVI‘Ø€' ` – Chud37 Mar 29 '16 at 13:00
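
An added example, not part of the original answer or comments: storing the raw 64-byte SHA-512 digest through a PDO bound parameter and checking it again with a constant-time comparison when the payment notification arrives. It assumes an in-memory SQLite database so it runs offline; the `orders` table, the `orderMatches()` helper and the sample order string are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so the example runs offline. In MySQL the
// column would be BINARY(64) or VARBINARY(64), as suggested in the comments.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, hash BLOB NOT NULL)');

// Constructed sample order data (hypothetical field layout).
$orderData = 'order=1001&amount=49.99&currency=GBP';

// Raw 64-byte digest straight from hash(), as in the answer.
$raw = hash('sha512', $orderData, true);

// An existing 128-character hex digest converts to the same 64 bytes.
$hex = strtoupper(hash('sha512', $orderData));
if (hex2bin($hex) !== $raw || strlen($raw) !== 64) {
    throw new RuntimeException('hex and raw digests differ');
}

// Bind the bytes as a parameter; never splice them into the SQL text.
$insert = $pdo->prepare('INSERT INTO orders (id, hash) VALUES (:id, :hash)');
$insert->bindValue(':id', 1001, PDO::PARAM_INT);
$insert->bindValue(':hash', $raw, PDO::PARAM_LOB);
$insert->execute();

// Hypothetical helper: recompute the digest and compare with the stored one.
function orderMatches(PDO $pdo, int $orderId, string $receivedData): bool
{
    $select = $pdo->prepare('SELECT hash FROM orders WHERE id = :id');
    $select->bindValue(':id', $orderId, PDO::PARAM_INT);
    $select->execute();
    $stored = $select->fetchColumn();
    if (!is_string($stored) || strlen($stored) !== 64) {
        return false; // unknown order or malformed row
    }
    // hash_equals() compares in constant time.
    return hash_equals($stored, hash('sha512', $receivedData, true));
}

var_dump(orderMatches($pdo, 1001, $orderData));                             // unchanged data
var_dump(orderMatches($pdo, 1001, 'order=1001&amount=0.01&currency=GBP'));  // altered amount
var_dump(orderMatches($pdo, 9999, $orderData));                             // no such order
```

Because the digest travels as a bound value, its bytes never appear in the SQL statement text, so quote or non-printable bytes in the hash cannot break the query syntax.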