Learnt about Hashing via Udacity Web Development CS253 Course. Some notes...
Hashing is good for:
- encrypting clear-text messages.
- verifying files.
- Say we want to store a password called "hello world".
- It is unsafe to store "hello world" as a clear text on the database.
- It is better to store it as a hashed value.
- `HashValue = aFunction("text-string")`
- For example, HashValue for "hello world" with SHA256 algorithm is
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
- i.e. given a text-string, we can compute a HashValue easily. The reverse, however, is designed to be VERY HARD.
- changing the "text-string" slightly will significantly vary the HashValue. For example: HashValue for "hello world0" with SHA256 algorithm is
f9684703170819cff074d756ac8f7e44cb82c8638c51ea05e359425441100e6d
(which looks totally different to the one we computed for "hello world").
- Say we have stored the hashed password, we can do a logic test like this (pseudocode):
```
IF hashValue of passwordEntered AND hashValue of userNameEntered MATCHES the ones stored on database
THEN authorized
ELSE
not authorized
```
For file verification, the logic is similar:
```
IF hashValue of the fileSent MATCHES hashValue of the fileReceived
THEN verified
ELSE
not verified
```
Simple hashing scripts to demo hashing a string with some common pre-built hashing algorithms.
```
Chuns-MacBook-Pro:~ johnny$ ipython
Python 2.7.10 |Anaconda 2.4.0 (x86_64)| (default, Oct 19 2015, 18:31:17)
Type "copyright", "credits" or "license" for more information.
IPython 4.0.0 -- An enhanced Interactive Python.
? -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help -> Python's own help system.
object? -> Details about 'object', use 'object??' for extra details.
In [1]: import hashlib
In [2]: hashlib.
hashlib.algorithms hashlib.md5 hashlib.sha1 hashlib.sha384
hashlib.algorithms_available hashlib.new hashlib.sha224 hashlib.sha512
hashlib.algorithms_guaranteed hashlib.pbkdf2_hmac hashlib.sha256
In [2]: hashlib.md5("hello world").hexdigest()
Out[2]: '5eb63bbbe01eeed093cb22bb8f5acdc3'
In [3]: hashlib.sha1("hello world").hexdigest()
Out[3]: '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
In [4]: hashlib.sha256("hello world").hexdigest()
Out[4]: 'b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9'
In [5]: hashlib.sha512("hello world").hexdigest()
Out[5]: '309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f'
```
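The password check from the pseudocode above, as an added example that is not part of the original notes. It goes one step beyond the plain SHA256 hash by using `hashlib.pbkdf2_hmac` (visible in the tab-completion listing) with a per-user random salt and a constant-time comparison. It is written for Python 3, where strings must be encoded to bytes; the iteration count, the user names and the helper names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; raise it as far as login latency allows


def plain_sha256(password):
    """Unsalted hash as in the notes: the same input always gives the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, derived_key) to store; a fresh random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, stored_key):
    """Recompute with the stored salt and compare without leaking timing."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_key)


def demo():
    # Constructed sample data: two hypothetical users who chose the same password.
    db = {user: hash_password("hello world") for user in ("alice", "bob")}
    return {
        # Unsalted: identical passwords are visible as identical digests.
        "plain_equal": plain_sha256("hello world") == plain_sha256("hello world"),
        # Salted: the stored keys differ even though the passwords match.
        "salted_equal": db["alice"][1] == db["bob"][1],
        "login_ok": verify_password("hello world", *db["alice"]),
        "login_bad": verify_password("hello world0", *db["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Store the salt next to the derived key in the user record; the salt is not secret, it only ensures that equal passwords do not produce equal stored values.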