# 7.7: Ethical issues around Data Collection

### Learning Objectives:
- Explain the privacy risks of collecting and storing personal data on computer systems.

### Essential Knowledge:
- Data Collection: Methods (cookies, tracking, etc.)
- Ethical Data Use: Identifying personal data (Personally Identifiable Information, Sensitive Personal Information)
- Security Practices: Data Encryption, Data Anonymization, Data Minimization

## Privacy Protection mechanisms
- Encryption: Encode data so that only authorized users can access it.
- Anonymization: Remove personal information from data.
- Data Minimization: Collect only necessary data.
- User Control: Allow users to control how their data is used.


```java
// Example string data
String originalData = "mySecretPassword123";

// Generate a hash code for the string.
// Note: String.hashCode() is a 32-bit, non-cryptographic hash; it is used
// here only to illustrate the idea of hashing.
int hash = originalData.hashCode();

// Display the original data and its hash
System.out.println("Original Data: " + originalData);
System.out.println("Hash Code: " + hash);

// Demonstrate that the same string always produces the same hash
String sameData = "mySecretPassword123";
int sameHash = sameData.hashCode();
System.out.println("Same Data Hash: " + sameHash);

// Demonstrate that a small change in data produces a different hash
String modifiedData = "mySecretPassword124";
int modifiedHash = modifiedData.hashCode();
System.out.println("Modified Data: " + modifiedData);
System.out.println("Modified Data Hash: " + modifiedHash);
```

```
Original Data: mySecretPassword123
Hash Code: 1107444891
Same Data Hash: 1107444891
Modified Data: mySecretPassword124
Modified Data Hash: 1107444892
```


### Uses of Hashing
- Hashing is used to store passwords securely, but hashing alone is not enough for large-scale industries.
- Hashing is used to conceal sensitive information such as credit card information, but it is not enough to protect it entirely.

### Hashing with Salt

As we talked about earlier in the hashing section, hashing is a one-way function. This means that once you hash a value, you can't get the original value back. This is useful for storing passwords, but it also means that if two users have the same password, they will have the same hash. This is a problem because if an attacker gets access to the hash, they can use a rainbow table to look up the hash and find the original password.

Thus, we use hashing with salt: we add a random value to the password before hashing it, so even if two users have the same password, they will have different hashes. This random value is called a salt.
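The salting scheme described above, as an added example (not code from the original lesson): two users register the same password, each gets a fresh random salt, and the stored hashes differ while login still verifies. It goes beyond the lesson's `hashCode()` and single SHA-256 by using PBKDF2, a deliberately slow password hash from the Java standard library; the class name, iteration count and sample password are assumptions, and `record` needs Java 16 or later.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedPasswordDemo {
    // Assumed parameters for this example; tune the iteration count for your hardware.
    static final int ITERATIONS = 210_000;
    static final int KEY_BITS = 256;

    // A stored credential: the salt is not secret and is kept next to the hash.
    record Credential(byte[] salt, byte[] hash) {}

    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    static Credential register(String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per user
        return new Credential(salt, derive(password.toCharArray(), salt));
    }

    static boolean verify(String attempt, Credential stored) throws Exception {
        byte[] candidate = derive(attempt.toCharArray(), stored.salt());
        // Constant-time comparison avoids leaking how many bytes matched.
        return MessageDigest.isEqual(candidate, stored.hash());
    }

    public static void main(String[] args) throws Exception {
        String shared = "mySecretPassword123"; // constructed sample password
        Credential alice = register(shared);
        Credential bob = register(shared);
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println("alice: " + b64.encodeToString(alice.hash()));
        System.out.println("bob:   " + b64.encodeToString(bob.hash()));
        System.out.println("same hash?     " + MessageDigest.isEqual(alice.hash(), bob.hash()));
        System.out.println("correct login: " + verify(shared, alice));
        System.out.println("wrong login:   " + verify("mySecretPassword124", alice));
    }
}
```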

## Homework

### Homework Problem: Exploring Hashing and Privacy Protection (Extra Credit)

#### **Problem:**
Write a Java program that simulates how hashing works in protecting passwords. You will implement the following tasks:

1. **Task 1: Basic Password Hashing**
   - Write a program that accepts a user's password input and generates a hash using the **`hashCode()`** method.
   - Display the original password and the hash to show how the same input always produces the same hash.

2. **Task 2: Salting the Password**
   - Enhance the program by generating a random **salt** for the password. Append the salt to the password before hashing, and display both the salt and the hashed password.
   - Store the salt separately and demonstrate that the same password with a different salt produces a different hash.

3. **Task 3: Verifying the Password**
   - Write a method that simulates logging in by taking a password and salt as input, hashing them again, and comparing the result to the previously stored hash.
   - If the hash matches, display "Login Successful"; otherwise, display "Login Failed."

#### **Extra Challenge (Optional):**
- Research and use the **`MessageDigest`** class in Java to implement password hashing with a more secure algorithm like **SHA-256**. Modify your program to use this instead of `hashCode()`.



```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Scanner;

public class PasswordHashing {

    // Task 1: basic password hashing
    public static void basicHashing(String password) {
        int hash = password.hashCode();
        System.out.println("Original Password: " + password);
        System.out.println("Hash Code: " + hash);
    }

    // Task 2: salting the password
    // Generate 16 random bytes from a cryptographically secure source, Base64-encoded.
    public static String generateSalt() {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[16];
        random.nextBytes(salt);
        return Base64.getEncoder().encodeToString(salt);
    }

    // Append the salt to the password, then hash with hashCode() as the task asks.
    public static String hashWithSalt(String password, String salt) {
        String saltedPassword = password + salt;
        int hash = saltedPassword.hashCode();
        return Integer.toString(hash);
    }

    // Task 3: verifying the password
    // Re-hash the attempt with the stored salt and compare to the stored hash.
    public static boolean verifyPassword(String password, String salt, String storedHash) {
        String hash = hashWithSalt(password, salt);
        return hash.equals(storedHash);
    }

    // Extra challenge: using SHA-256
    // An explicit charset keeps the digest identical across platforms.
    public static String hashWithSHA256(String password, String salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt.getBytes(StandardCharsets.UTF_8));
        byte[] hashedPassword = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(hashedPassword);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        Scanner scanner = new Scanner(System.in);

        // Task 1
        System.out.print("Enter password for basic hashing: ");
        String password = scanner.nextLine();
        basicHashing(password);

        // Task 2
        System.out.print("Enter password for salting: ");
        password = scanner.nextLine();
        String salt = generateSalt();
        String saltedHash = hashWithSalt(password, salt);
        System.out.println("Salt: " + salt);
        System.out.println("Salted Hash: " + saltedHash);

        // Task 3
        System.out.print("Enter password to verify: ");
        String passwordToVerify = scanner.nextLine();
        boolean isVerified = verifyPassword(passwordToVerify, salt, saltedHash);
        System.out.println(isVerified ? "Login Successful" : "Login Failed");

        // Extra challenge
        System.out.print("Enter password for SHA-256 hashing: ");
        password = scanner.nextLine();
        String sha256Hash = hashWithSHA256(password, salt);
        System.out.println("SHA-256 Hash: " + sha256Hash);
    }
}

// Run the program from the notebook cell
PasswordHashing.main(new String[]{});
```

```
Enter password for basic hashing: Original Password: tanaviscool
Hash Code: 889058953
Enter password for salting: Salt: Azw9HHFGrwMx4Y7V1H65oA==
Salted Hash: -166425407
Enter password to verify: Login Successful
Enter password for SHA-256 hashing: SHA-256 Hash: /PjiQzIfKR4h5amv2Nq9+aXx9vfw88oqoP+2bCxH1KE=
```
