Hashing in Python

Prajwal Mani
Published in Analytics Vidhya
5 min read · Oct 23, 2020

Hey, hope you are having a wonderful day!

Let's talk about a simple case scenario

You are building a cool application/website with your team, and at some point you have to store user passwords in the database. Now everyone who has access to the database can see the passwords, which are in plain text. What if I tell you that a hacker hacks your database using SQL injection or some other strong attack, and unfortunately your application has just been released and users are logging in with passwords? Now the hacker can just check the already-hacked database, get the passwords, and alter the user data or exploit the users. In simple words, your application is less secure.

How to overcome the above problem?

The best solution for the above problem is to use hashing techniques for storing the passwords securely, and that's what we are talking about in this article today.

What is hashing?

Hashing is the process of converting a given key to another value. A hash function is used to generate the new value according to a mathematical algorithm. The result of a hash function is known as a hash value or simply, a hash.

An image from audienceplay.com

There are different hashing algorithms out there; some are secure and fast, but some are not. We will be implementing SHA-256, which comes under the SHA-2 series and is a robust hashing algorithm for now.

SHA-256 was initially developed by the US National Security Agency in the spring of 2002, becoming the powerful successor of SHA-1. SHA-256 returns a unique hash value of 256 bits, or 64 hexadecimal digits, with an internal block size of 32 bits. It's a bit slower compared to SHA-1 and MD5.

An image from researchgate.net

The above image shows the basic algorithm of SHA-256. If you don't understand it, that's OK; it's just a few mathematical computations. Let's not dive deep into how this algorithm works; we will talk about just the implementation.

If you want to check what the output of SHA-256 will be when any string is passed to it, then here is the link.

I will be using Python 3 to implement this algorithm.

To make this simple, we will be using a Python library that goes by the name of "hashlib".

Let's start coding

import hashlib 

You don't have to do a pip install for this module because the library comes with python as a default module.

print(hashlib.algorithms_available)

The above code block will list all the hashing algorithms available in hashlib

Output for the previous code block
  • We have a total of 14 hashing algorithms in hashlib
  • You can try out any algorithm and most of them are implemented in the same way

print(hashlib.algorithms_guaranteed)

The above code block will return a list of hashing algorithms that are available for the Python interpreter you are running on.

password=input("Please enter your password:")

We will ask the user to enter the password.

encode_password=password.encode()
print('Password after encoding : {}'.format(encode_password))

The encode() method returns an encoded version of the password, in bytes, so that we can pass it to sha256().

hash_password=hashlib.sha256(encode_password)

  • We will pass the encoded password to the sha256() function, which hashes it with the SHA-256 algorithm and returns a hash object
  • If you are using a different algorithm then you need to call a different function in the same way, and the function name will be the same as the name of the algorithm
  • We can view this object in two different representations: bytes and hexadecimal

print('The byte equivalent of the hash is {}'.format(hash_password.digest()))
print('The Hex digits equivalent of the hash is {}'.format(hash_password.hexdigest()))

We are using two functions here:

  • digest(): Returns the hash in byte format
  • hexdigest(): Returns the hash in hexadecimal format

So the entire output of all the code blocks joined together will be

If you want to check out the pure implementation of sha256 then check out this link.

There is another method in Python, which is a built-in function. If you are not looking for fine details like block size, digest size or how secure the algorithm is, then you can go with hash().

print(hash('naruto'))
# output: -4430924599072356031
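An added example, not code from the original article: for str inputs, the built-in hash() is salted per interpreter process (controlled by PYTHONHASHSEED), so its value cannot be stored and compared in a later run, while a SHA-256 digest stays the same. The helper names run_with_seed and compare_runs are hypothetical.

```python
import hashlib
import os
import subprocess
import sys

# One-liner run in a fresh interpreter: prints hash() and SHA-256 of the same string.
SNIPPET = "import hashlib; print(hash('naruto'), hashlib.sha256(b'naruto').hexdigest())"


def run_with_seed(seed: str) -> tuple:
    """Run SNIPPET in a new Python process with PYTHONHASHSEED set to `seed`."""
    env = dict(os.environ, PYTHONHASHSEED=seed)
    result = subprocess.run(
        [sys.executable, "-c", SNIPPET],
        env=env, capture_output=True, text=True, check=True,
    )
    builtin_hash, sha256_hex = result.stdout.split()
    return int(builtin_hash), sha256_hex


def compare_runs() -> dict:
    """Compare both values across two processes that use different hash seeds."""
    builtin_a, sha_a = run_with_seed("1")
    builtin_b, sha_b = run_with_seed("2")
    return {"hash_stable": builtin_a == builtin_b, "sha256_stable": sha_a == sha_b}


if __name__ == "__main__":
    print(compare_runs())
```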

We learned how to create a hash for a password. Now, what's next?

We can use this in our own small or big projects where we store passwords.

  • When the user registers on your website or application, you will ask for the password. That password will be hashed (let us call the result register_hash_password) and kept in the database rather than storing the plain-text password
  • Next time the user logs in, he needs to enter a username and password; we are going to take this password and pass it to that hash function
  • We get the hashed version of the password (let us call it login_hash_password). Now we are going to compare register_hash_password and login_hash_password; if both match, the authentication is successful
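The register/login flow above as an added example, not code from the original article: first exactly as described with a bare SHA-256 digest, then a salted, iterated variant using hashlib.pbkdf2_hmac, which goes beyond the article's scheme so that identical passwords no longer produce identical database records. The function names, the record format and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumption: example work factor; tune it for your own hardware.
PBKDF2_ITERATIONS = 200_000


def register_plain(password: str) -> str:
    """The article's scheme: store the bare SHA-256 hex digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def login_plain(password: str, register_hash_password: str) -> bool:
    """Hash the login attempt and compare it with the stored digest."""
    login_hash_password = hashlib.sha256(password.encode()).hexdigest()
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(login_hash_password, register_hash_password)


def register_salted(password: str) -> str:
    """Salted, iterated variant; record format is 'iterations$salt$hash'."""
    salt = os.urandom(16)  # fresh random salt per user
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${derived.hex()}"


def login_salted(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare."""
    iterations, salt_hex, hash_hex = stored.split("$")
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(derived, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    print("plain records equal: ", register_plain("naruto") == register_plain("naruto"))
    a, b = register_salted("naruto"), register_salted("naruto")
    print("salted records equal:", a == b)
    print("correct password:    ", login_salted("naruto", a))
    print("wrong password:      ", login_salted("sasuke", a))
```

With the bare digest, two users who choose the same password get the same stored value; with a per-user salt the stored records differ while login still succeeds for both.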

Hope you learned new things from this article today. I tried to keep it simple, candid, and short!

Thank you for dedicating a few mins of your day

If you have any doubts just comment down below I will be happy to help you out!

Thank you and don't forget to love yourself!

-Mani
