php hash libsodium fingerprinting

hashing credit card with libsodium


I need to store my users' credit card hash (fingerprint) for future recognition, so as to always show their orders easily without going through my payment provider's card lookup.

I need a very short algorithm in PHP, but sodium_crypto_shorthash isn't collision-resistant which makes me doubt it.

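$key = 'jNuVurmAili4Otic'; // 16-byte key, as sodium_crypto_shorthash requires
// Keyed BLAKE2b with a 16-byte digest: 32 hex characters after bin2hex
// echo bin2hex(sodium_crypto_generichash('4242424242424242', $key, 16));
// SipHash with an 8-byte digest: 16 hex characters after bin2hex
echo bin2hex(sodium_crypto_shorthash('4242424242424242', $key));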

Is there any secure, collision-free PHP 7 hashing algorithm that can output a maximum length of 12 after bin2hex?


Solution

  • The reason SipHash64 is not collision-resistant is its small output size. Any hash function with 64-bit output, or a hash truncated to 64-bit will likely collide after 2^32 messages have been hashed.

    You are asking for something that returns 12 hex characters, which means 6 bytes output. No matter what algorithm you use, after you hash 2^24 (~16 million) card numbers, you will see collisions with high probability.

    It can be totally acceptable for your application.
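
The birthday bound discussed in the answer, worked through as an added example (not code from the original question or answer). The helper names `card_fingerprint`, `collision_probability` and `first_collision` are hypothetical, the 16-digit inputs are constructed test values, and the key is generated fresh for the demonstration; it needs PHP 7.2+ with the sodium extension.

```php
<?php
// Keyed BLAKE2b fingerprint truncated to $hexLen hex characters.
// sodium_crypto_generichash() cannot emit fewer than 16 bytes, so truncate afterwards.
function card_fingerprint(string $pan, string $key, int $hexLen = 12): string
{
    $digest = sodium_crypto_generichash($pan, $key, SODIUM_CRYPTO_GENERICHASH_BYTES_MIN);
    return substr(bin2hex($digest), 0, $hexLen);
}

// Birthday approximation: chance that at least two of $n distinct inputs
// share a $bits-bit fingerprint, p ~= 1 - exp(-n(n-1) / 2^(bits+1)).
function collision_probability(float $n, int $bits): float
{
    return -expm1(-$n * ($n - 1) / pow(2, $bits + 1));
}

// Hash constructed 16-digit test values until two fingerprints match.
function first_collision(string $key, int $hexLen, int $limit): ?int
{
    $seen = [];
    for ($i = 0; $i < $limit; $i++) {
        $fp = card_fingerprint(sprintf('42424242%08d', $i), $key, $hexLen);
        if (isset($seen[$fp])) {
            return $i + 1; // number of values hashed when the collision appeared
        }
        $seen[$fp] = true;
    }
    return null;
}

// Assumption: a fresh demo key; a real deployment loads one stored secret key.
$key = sodium_crypto_generichash_keygen();

echo card_fingerprint('4242424242424242', $key), "\n"; // 12 hex characters = 48 bits

// Collision probability for 12, 16 and 32 hex characters at several table sizes.
foreach ([12 => 48, 16 => 64, 32 => 128] as $hex => $bits) {
    foreach ([1e5, 1e6, pow(2, 24), pow(2, 32)] as $n) {
        printf("%2d hex chars, %13.0f cards: p = %.2e\n", $hex, $n, collision_probability($n, $bits));
    }
}

// Empirical check at a deliberately tiny size: 6 hex chars = 24 bits,
// so the first collision typically appears after a few thousand values.
var_dump(first_collision($key, 6, 100000));
```

Because card numbers come from a small, guessable space, the key has to stay secret; the truncation length only controls how often two different cards share a fingerprint.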