A curated reference of 'magic hashes' in PHP — inputs whose hash outputs begin with '0e' followed by digits, causing PHP's loose comparison operator (==) to treat them as equal to zero in scientific notation. This allows an attacker to authenticate with a different password if the application uses == instead of === for hash comparison. The repository covers MD5, SHA-1, SHA-2 family, CRC32, bcrypt truncation, descrypt truncation, PBKDF2 pre-hashing quirks, and many more algorithms. The fix: always use === or hash_equals() for comparisons, and use password_hash()/password_verify() for passwords.
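The following PHP is an added illustration, not code from the repository: it uses two constructed strings in the `0e` + digits shape (not real digest outputs) to show why `==` reports them as equal, and contrasts that with the `===`, `hash_equals()` and `password_verify()` forms recommended above.

```php
<?php
// Added example (not from the repository). The two "digests" below are
// constructed placeholders in the magic shape, not outputs of any hash.
// Both are numeric strings in scientific notation (0 * 10^N), so PHP's
// loose comparison coerces each to float 0.0 before comparing them.
$storedHash   = '0e123456789012345678901234567890';  // constructed
$computedHash = '0e987654321098765432109876543210';  // constructed

// Vulnerable: numeric-string coercion makes distinct strings compare equal.
function looseCompare(string $a, string $b): bool
{
    return $a == $b;
}

// Safe: type and every byte must match; no coercion takes place.
function strictCompare(string $a, string $b): bool
{
    return $a === $b;
}

// Safe and constant-time: the right tool when comparing secrets or digests.
function timingSafeCompare(string $a, string $b): bool
{
    return hash_equals($a, $b);
}

// Audit helper (assumed name): does a hex digest have the shape that
// loose comparison misreads? Useful when reviewing stored hashes or logs.
function isMagicForm(string $hash): bool
{
    return preg_match('/^0e[0-9]+$/', $hash) === 1;
}

var_dump(looseCompare($storedHash, $computedHash));       // the bug
var_dump(strictCompare($storedHash, $computedHash));      // fixed with ===
var_dump(timingSafeCompare($storedHash, $computedHash));  // fixed with hash_equals()
var_dump(isMagicForm($storedHash));                       // audit check

// For passwords, do not compare digests by hand at all: password_hash()
// stores a salted hash and password_verify() performs the safe comparison.
$record = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
var_dump(password_verify('correct horse battery staple', $record));
var_dump(password_verify('a different password', $record));
```

The same numeric coercion applies in PHP 8, where only string-to-number comparison semantics changed; two numeric strings are still compared numerically by `==`.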
