# Computational Theory 

## Introduction 

## Libraries

In [710]:
# For numerical data and methods 
import numpy as np 
# For symbolic mathematics
import sympy as sp

## Problem 1: Binary Words and Operations


The `numpy.uint32()` constructor ([see official documentation]( https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.int32)) ensures that values are stored and treated as 32-bit unsigned integers in NumPy, which is important for consistency and compatibility in numerical computations.


### Parity Function
The `parity` function calculates the bitwise XOR of three 32-bit integers, as defined in the SHA-1 algorithm. For each bit position, it returns a result of 1 when an odd number of the input values is set to 1, and 0 otherwise. This is implemented as `x ^ y ^ z`.

In [711]:
def parity(x,y,z):
    """Calculate the parity of three 32-bit integers"""
    # np.uint32 ensures inputs are treated as 32-bit unsigned integers as per SHA-1 specification.
    # See: https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32
    # Mask with 0xFFFFFFFF to keep only the lower 32 bits, handles negative numbers correctly and simulates 32-bit overflow behavior.
    x = np.uint32(x & 0xFFFFFFFF)
    y = np.uint32(y & 0xFFFFFFFF)
    z = np.uint32(z & 0xFFFFFFFF)

    # Calculate the bitwise XOR of the three 32-bit values to get the parity.
    parity_output = np.uint32(x ^ y ^ z)
    # Return the result.
    return parity_output

### Test Parity Function
This section tests the `parity` function with various inputs to verify its correctness.

In [712]:
# This array holds the test cases for the parity function - each test case is a tuple containing: the test label, the input arguments, and the expected result.
tests = [
    ("TEST 1: parity(0, 0, 0)", (0, 0, 0), 0), # Test 1: All zeros.
    ("\nTEST 2: parity(1, 0, 0)", (1, 0, 0), 1), # Test 2: One non-zero input.
    ("\nTEST 3: parity(1, 1, 0)", (1, 1, 0), 0), # 3: Two non-zero inputs.
    ("\nTEST 4: parity(-1, -2, -3)", (-1, -2, -3), 4294967293), # 4: Negative numbers.
    ("\nTEST 5: parity(2, -4, 5)", (2, -4, 5), 7), # 5: Mixed inputs.
    ("\nTEST 6: parity(1, 1, 1)", (1, 1, 1), 1), # 6: All ones.
    ("\nTEST 7: parity(-1, -1, -1)", (-1, -1, -1), 4294967295), # 7: Three negative inputs.
]
# look through and run each test
for label, args, expected_result in tests:
    print(label)
    test_result = parity(*args)
    print("Result :", hex(int(test_result)), "Expected :", hex(expected_result), "Correct :", int(test_result) == expected_result)


TEST 1: parity(0, 0, 0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 2: parity(1, 0, 0)
Result : 0x1 Expected : 0x1 Correct : True

TEST 3: parity(1, 1, 0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 4: parity(-1, -2, -3)
Result : 0xfffffffc Expected : 0xfffffffd Correct : False

TEST 5: parity(2, -4, 5)
Result : 0xfffffffb Expected : 0x7 Correct : False

TEST 6: parity(1, 1, 1)
Result : 0x1 Expected : 0x1 Correct : True

TEST 7: parity(-1, -1, -1)
Result : 0xffffffff Expected : 0xffffffff Correct : True


### Ch (choose) Function
The `choose` function, used in the SHA-224 and SHA-256 algorithms, calculates a conditional selection among three 32-bit integers. For each bit position, it returns the bit from y if the bit in x is 1, or the bit from z if the bit in x is 0. This is implemented as `(x & y) ^(~x & z)`.

In [713]:
def ch(x, y, z):
    """Calculate the choose function for three 32-bit integers"""
    # np.uint32 ensures inputs are treated as 32-bit unsigned integers as per SHA-1 specification.
    # See: https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32
    # Mask with 0xFFFFFFFF to keep only the lower 32 bits, handles negative numbers correctly and simulates 32-bit overflow behavior.
    x = np.uint32(x & 0xFFFFFFFF)
    y = np.uint32(y & 0xFFFFFFFF)
    z = np.uint32(z & 0xFFFFFFFF)
    
    # Bitwise AND of x and y.
    bitwise_and = (x & y)
    # Bitwise complement of x, then AND with z.
    bitwise_complement_and = (~x) & z
    # Calculate the bitwise XOR of the two results and cast to 32-bit integer.
    # This selects bits from y or z based on the value of x.
    ch_output = np.uint32(bitwise_and ^ bitwise_complement_and)
    
    # Return the result.
    return ch_output 

### Test Ch Function
This section tests the `ch` function with various inputs to verify its correctness.

In [714]:
# This array holds the test cases for the parity function - each test case is a tuple containing: the test label, the input arguments, and the expected result.
tests = [
    ("TEST 1: ch(0, 0, 0)", (0, 0, 0), 0),
    ("\nTEST 2: ch(1, 1, 1)", (1, 1, 1), 1),
    ("\nTEST 3: ch(0, 0, 1)", (0, 0, 1), 1),
    ("\nTEST 4: ch(1, 1, 0)", (1, 1, 0), 1),
    ("\nTEST 5: ch(-1, -1, -1)", (-1, -1, -1), 4294967295),
    ("\nTEST 6: ch(-1, 0, 1)", (-1, 0, 1), 0),
]

for label, args, expected_result in tests:
    print(label)
    test_result = ch(*args)
    print("Result :", hex(int(test_result)), "Expected :", hex(expected_result), "Correct :", test_result == expected_result)


TEST 1: ch(0, 0, 0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 2: ch(1, 1, 1)
Result : 0x1 Expected : 0x1 Correct : True

TEST 3: ch(0, 0, 1)
Result : 0x1 Expected : 0x1 Correct : True

TEST 4: ch(1, 1, 0)
Result : 0x1 Expected : 0x1 Correct : True

TEST 5: ch(-1, -1, -1)
Result : 0xffffffff Expected : 0xffffffff Correct : True

TEST 6: ch(-1, 0, 1)
Result : 0x0 Expected : 0x0 Correct : True


### Majority Function
The `maj` function, used in the SHA-224 and SHA-256 algorithms, calculates the majority value among three 32-bit integers. For each bit position, it returns 1 if at least two of the three bits among x, y, and z are 1, and 0 otherwise. This is implemented as `(x & y) ^ (x & z) ^ (y & z)`.

In [715]:
def maj(x, y, z):
    """Calculate the majority value of three 32-bit integers."""
    # The np.uint32() constructor ensures inputs are treated as unsigned 32-bit integers. 
    # See: https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32
    # Mask with 0xFFFFFFFF to ensure only the lower 32 bits are kept to handle negative inputs correctly.
    x = np.uint32(x & 0xFFFFFFFF)
    y = np.uint32(y & 0xFFFFFFFF)
    z = np.uint32(z & 0xFFFFFFFF)

    # Bitwise AND of x and y.
    bitwise_and_x_y = (x & y)   
    # Bitwise AND of x and z.
    bitwise_and_x_z = (x & z) 
    # Bitwise AND of y and z.   
    bitwise_and_y_z = (y & z)   

    # Calculate the bitwise XOR of the three results to get the majority value and cast to a 32-bit integer.
    maj_output = np.uint32(bitwise_and_x_y ^ bitwise_and_x_z ^ bitwise_and_y_z)
    # Return the result.
    return maj_output 

### Test Maj Function
This section tests the `maj` function with various inputs to verify its correctness.

In [716]:
# This array holds the test cases for the maj function - each test case is a tuple containing: the test label, the input arguments, and the expected result.
tests = [
    ("TEST 1: maj(0, 0, 0)", (0, 0, 0), 0), # Test 1: All zeros
    ("\nTEST 2: maj(1, 1, 1)", (1, 1, 1), 1), # Test 2: All ones
    ("\nTEST 3: maj(1, 0, 0)", (1, 0, 0), 0), # Test 3: One non-zero input
    ("\nTEST 4: maj(2, 2, 0)", (2, 2, 0), 2), # Test 4: Two non-zero inputs
    ("\nTEST 5: maj(3, 5, 7)", (3, 5, 7), 7), # Test 5: All different numbers

]
# look through and run each test
for label, args, expected_result in tests:
    print(label)
    test_result = maj(*args)
    print("Result :", hex(int(test_result)), "Expected :", hex(expected_result), "Correct :", int(test_result) == expected_result)


TEST 1: maj(0, 0, 0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 2: maj(1, 1, 1)
Result : 0x1 Expected : 0x1 Correct : True

TEST 3: maj(1, 0, 0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 4: maj(2, 2, 0)
Result : 0x2 Expected : 0x2 Correct : True

TEST 5: maj(3, 5, 7)
Result : 0x7 Expected : 0x7 Correct : True


### Rotate Right (rotr)
This helper function performs a bitwise rotate right operation on a 32-bit word. It is used in cryptographic algorithms such as SHA-1 and SHA-224/256, where rotation operations are part of the hash computation. In this project, `rotr` is a key component in the implementation of the sigma functions required for these algorithms.

In [717]:
def rotr(x,n):
    """Rotate right operation for 32-bit words: A helper function for the sigma functions."""
    # The np.uint32() constructor ensures inputs are treated as unsigned 32-bit integers. 
    # See: https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32
    x = np.uint32(x)
    # 32 bit word size
    return np.uint32(((x >> n) | (x << np.uint32(32 - n))) & np.uint32(0xFFFFFFFF))


### Sigma0 Function
In the SHA-224 and SHA-256 algorithms, the `sigma0` function applies a series of bitwise operations to a single 32-bit integer.  It computes the bitwise XOR of three rotated versions of the input value — one by two bits to the right, one by thirteen bits, and one by twenty-two bits. This is implemented as `ROTR^2(x) ^ ROTR^13(x) ^ ROTR^22(x)`.

In [718]:
def sigma_upper_0(x):
    """Calculate the Sigma0 value for a 32-bit integer."""
    # The np.uint32() constructor ensures inputs are treated as unsigned 32-bit integers. 
    # See: https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32
    # Mask with 0xFFFFFFFF to ensure only the lower 32 bits are kept to handle negative inputs correctly.
    x = np.uint32(x & 0xFFFFFFFF)
    
    # Compute the bitwise XOR of three right rotated versions of the input value(x).
    return (rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22))


### Test Sigma0 Function
This section tests the `Sigma0` function with various inputs to verify its correctness.

In [719]:
# This array holds the test cases for the sigma_upper_0 function - each test case is a tuple containing: the test label, the input arguments, and the expected result.
tests = [
    ("\nTEST 1: sigma_upper_0(5)", (5,), 1076368385), # Test 1: A number other than 0 or 1
    ("\nTEST 2: sigma_upper_0(0)", (0,), 0), # Test 2: A zero input
    ("\nTEST 3: sigma_upper_0(1)", (1,), 1074267136), # Test 3: Input of one
    ("\nTEST 4: sigma_upper_0(-1)", (-1,), 4294967295), # Test 4: A negative input

]
# look through and run each test
for label, args, expected_result in tests:
    print(label)
    test_result = sigma_upper_0(*args)
    print("Result :", hex(int(test_result)), "Expected :", hex(expected_result), "Correct :", int(test_result) == expected_result)



TEST 1: sigma_upper_0(5)
Result : 0x40281401 Expected : 0x40281401 Correct : True

TEST 2: sigma_upper_0(0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 3: sigma_upper_0(1)
Result : 0x40080400 Expected : 0x40080400 Correct : True

TEST 4: sigma_upper_0(-1)
Result : 0xffffffff Expected : 0xffffffff Correct : True


### Sigma1 Function 
In the SHA-224 and SHA-256 algorithms, the `Sigma1` function applies a series of bitwise operations to a single 32-bit integer.  It computes the bitwise XOR of three rotated versions of the input value — one by six bits to the right, one by 11 bits, and one by twenty-five bits. This is implemented as `ROTR^6(x) ^ ROTR^11(x) ^ ROTR^25(x)`.

In [720]:
def sigma_upper_1(x):
    """Calculate the Sigma1 value for a 32-bit integer."""
    # The np.uint32() constructor ensures inputs are treated as unsigned 32-bit integers. 
    # See: https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32
    # Mask with 0xFFFFFFFF to ensure only the lower 32 bits are kept to handle negative inputs correctly.
    x = np.uint32(x & 0xFFFFFFFF)

    # Compute the bitwise XOR of three right-rotated versions of the input value(x).
    return (rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25))

### Test Sigma1 Function
This section tests the `Sigma1` function with various inputs to verify its correctness.

In [721]:
# This array holds the test cases for the sigma_upper_1 function - each test case is a tuple containing: the test label, the input arguments, and the expected result.
tests = [
    ("\nTEST 1: sigma_upper_1(5)", (5,), 346030720), # Test 1: Input other than 0 or 1
    ("\nTEST 2: sigma_upper_1(0)", (0,), 0), # Test 2: A zero input
    ("\nTEST 3: sigma_upper_1(1)", (1,), 69206144), # Test 3: An input of one
    ("\nTEST 4: sigma_upper_1(-1)", (-1,), 4294967295), # Test 4: A negative input
]
# look through and run each test
for label, args, expected_result in tests:
    print(label)
    test_result = sigma_upper_1(*args)
    print("Result :", hex(int(test_result)), "Expected :", hex(expected_result), "Correct :", int(test_result) == expected_result)



TEST 1: sigma_upper_1(5)
Result : 0x14a00280 Expected : 0x14a00280 Correct : True

TEST 2: sigma_upper_1(0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 3: sigma_upper_1(1)
Result : 0x4200080 Expected : 0x4200080 Correct : True

TEST 4: sigma_upper_1(-1)
Result : 0xffffffff Expected : 0xffffffff Correct : True

Result : 0x14a00280 Expected : 0x14a00280 Correct : True

TEST 2: sigma_upper_1(0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 3: sigma_upper_1(1)
Result : 0x4200080 Expected : 0x4200080 Correct : True

TEST 4: sigma_upper_1(-1)
Result : 0xffffffff Expected : 0xffffffff Correct : True


### The sigma0 Function 
In the SHA-224 and SHA-256 algorithms, the `sigma0` function applies a series of bitwise operations to a single 32-bit integer. It computes the bitwise XOR of two right-rotated versions of the input value—one rotated right by 7 bits, one rotated right by 18 bits—and the value shifted right by 3 bits. This is implemented as `ROTR^7(x) ^ ROTR^18(x) ^ SHR^3(x)`.

In [722]:
def sigma_lower_0(x):
    """Calculate the sigma0 value for a 32-bit integer."""
    # The np.uint32() constructor ensures inputs are treated as unsigned 32-bit integers. 
    # See: https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32
    # Mask with 0xFFFFFFFF to ensure only the lower 32 bits are kept to handle negative inputs correctly.
    x = np.uint32(x & 0xFFFFFFFF)

    # Compute the bitwise XOR of two right-rotated versions of the input value and the right-shifted value.
    return (rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3))

### Test sigma0 Function 
This section tests the `sigma0` function with various inputs to verify its correctness.

In [723]:
# This array holds the test cases for the sigma_lower_0 function - each test case is a tuple containing: the test label, the input arguments, and the expected result.
tests = [
    ("\nTEST 1: sigma_lower_0(5)", (5,), 167854080), # Test 1: Input other than 0 or 1

    ("\nTEST 2: sigma_lower_0(0)", (0,), 0), # Test 2: A zero input

    ("\nTEST 3: sigma_lower_0(1)", (1,), 33570816), # Test 3: An input of one

    ("\nTEST 4: sigma_lower_0(-1)", (-1,), 536870911), # Test 4: A negative input
]
# look through and run each test
for label, args, expected_result in tests:
    print(label)
    test_result = sigma_lower_0(*args)
    print("Result :", hex(int(test_result)), "Expected :", hex(expected_result), "Correct :", int(test_result) == expected_result)



TEST 1: sigma_lower_0(5)
Result : 0xa014000 Expected : 0xa014000 Correct : True

TEST 2: sigma_lower_0(0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 3: sigma_lower_0(1)
Result : 0x2004000 Expected : 0x2004000 Correct : True

TEST 4: sigma_lower_0(-1)
Result : 0x1fffffff Expected : 0x1fffffff Correct : True


### The sigma1 Function 
In the SHA-224 and SHA-256 algorithms, the `sigma1` function applies a series of bitwise operations to a single 32-bit integer. It computes the bitwise XOR of two right-rotated versions of the input value : one rotated right by 7 bits, one rotated right by 18 bits, and the value shifted right by 3 bits. This is implemented as `ROTR^17(x) ^ ROTR^19(x) ^ SHR^10(x)`.

In [724]:
def sigma_lower_1(x):
    """Calculate the sigma1 value for a 32-bit integer."""
    # The np.uint32() constructor ensures inputs are treated as unsigned 32-bit integers. 
    # See: https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32
    # Mask with 0xFFFFFFFF to ensure only the lower 32 bits are kept to handle negative inputs correctly.
    x = np.uint32(x & 0xFFFFFFFF)

    # Compute the bitwise XOR of two right-rotated versions of the input value and the right-shifted value.
    return (rotr(x, 17) ^ rotr(x, 19) ^ (x >> 10))

### Test sigma1 Function 
This section tests the `sigma1` function with various inputs to verify its correctness.

In [725]:
# This array holds the test cases for the sigma_lower_1 function - each test case is a tuple containing: the test label, the input arguments, and the expected result.
tests = [
    ("\nTEST 1: sigma_lower_1(5)", (5,), 139264), # Test 1: Input other than 0 or 1
    ("\nTEST 2: sigma_lower_1(0)", (0,), 0), # Test 2: A zero input
    ("\nTEST 3: sigma_lower_1(1)", (1,), 40960), # Test 3: An input of one
    ("\nTEST 4: sigma_lower_1(-1)", (-1,), 4194303), # Test 4: A negative input

]
# look through and run each test
for label, args, expected_result in tests:
    print(label)
    test_result = sigma_lower_1(*args)
    print("Result :", hex(int(test_result)), "Expected :", hex(expected_result), "Correct :", int(test_result) == expected_result)



TEST 1: sigma_lower_1(5)
Result : 0x22000 Expected : 0x22000 Correct : True

TEST 2: sigma_lower_1(0)
Result : 0x0 Expected : 0x0 Correct : True

TEST 3: sigma_lower_1(1)
Result : 0xa000 Expected : 0xa000 Correct : True

TEST 4: sigma_lower_1(-1)
Result : 0x3fffff Expected : 0x3fffff Correct : True


## Problem 2: Fractional Parts of Cube Roots 

This section computes the SHA‑256 constant words by generating the first 64 primes, taking their cube roots, extracting the fractional parts, scaling each fractional part by 232 and truncating to capture the first 32 binary bits, formatting those 32‑bit values as 8‑hex‑digit words, and finally comparing the resulting hex list with the authoritative constants from FIPS 180‑4.

### The primes(n) function 
The `sympy.prime` function ([see official documentation](https://docs.sympy.org/latest/modules/ntheory.html#sympy.ntheory.generate.prime)) returns the nth prime number, and `sympy.primerange` ([see official documentation](https://docs.sympy.org/latest/modules/ntheory.html#sympy.ntheory.generate.primerange)) generates all prime numbers in a given range. These functions are used together in this project to efficiently return a list of the first *n* prime numbers.
This approach ensures both clarity and extensibility in the code.

In [726]:
def primes(n):
    """ Return a list of the first n prime numbers."""
    # Use sympy.prime to find the nth prime
    # See: https://docs.sympy.org/latest/modules/ntheory.html#sympy.ntheory.generate.prime
    # Use sympy.primerange to generate all primes up to and including the nth prime
    # See: https://docs.sympy.org/latest/modules/ntheory.html#sympy.ntheory.generate.primerange
    return list(sp.primerange(sp.prime(n) + 1))

### Calculate Cube Roots of the First 64 Primes
Generate the first 64 prime numbers using the `primes(n)` function. Next, calculate the cube root of each prime using NumPy's `cbrt` function ([see official documentation](https://numpy.org/devdocs/reference/generated/numpy.cbrt.html)), which efficiently applies the cube root operation to every element in the input array. This vectorized approach ensures accuracy and performance.

In [727]:
# Get the first 64 prime numbers.
primes_list = primes(64)  
# A list to hold the cube roots of the primes.
cube_roots = []
# Calculate the cube root of each prime number and store it in the list.
# np.cbrt computes the cube root of each element in the input array.
# See: https://numpy.org/devdocs/reference/generated/numpy.cbrt.html
cube_roots = np.cbrt(primes_list)
# Print the cube roots of the first 64 prime numbers.
print(cube_roots)

[1.25992105 1.44224957 1.70997595 1.91293118 2.22398009 2.35133469
 2.57128159 2.66840165 2.84386698 3.07231683 3.14138065 3.33222185
 3.44821724 3.50339806 3.60882608 3.75628575 3.89299642 3.93649718
 4.0615481  4.14081775 4.1793392  4.29084043 4.36207067 4.4647451
 4.59470089 4.65700951 4.68754815 4.7474594  4.77685618 4.83458813
 5.0265257  5.07875308 5.15513674 5.18010147 5.30145919 5.32507402
 5.39469071 5.46255557 5.50687845 5.57205466 5.63574079 5.65665283
 5.75896522 5.77899657 5.81864787 5.83827246 5.95334181 6.06412699
 6.1001702  6.11803317 6.15344949 6.20582179 6.22308425 6.30799355
 6.35786118 6.40695858 6.45531481 6.47127363 6.51868392 6.54991162
 6.56541443 6.6418522  6.74599671 6.77516895]


### Extract fractional parts of the cube roots 
The NumPy `modf()` ([see official documentation](https://numpy.org/doc/stable/reference/generated/numpy.modf.html)) function returns the fractional and integral parts of an input array. This function is used for its speed and efficiency in separating the components.

In [728]:
# np.modf() function returns two tuples - the fractional and integral parts of the input array.
# See: https://numpy.org/doc/stable/reference/generated/numpy.modf.html
fractional, integer = np.modf(cube_roots)
# Print only the fractional parts of the cube roots.
print(fractional)

[0.25992105 0.44224957 0.70997595 0.91293118 0.22398009 0.35133469
 0.57128159 0.66840165 0.84386698 0.07231683 0.14138065 0.33222185
 0.44821724 0.50339806 0.60882608 0.75628575 0.89299642 0.93649718
 0.0615481  0.14081775 0.1793392  0.29084043 0.36207067 0.4647451
 0.59470089 0.65700951 0.68754815 0.7474594  0.77685618 0.83458813
 0.0265257  0.07875308 0.15513674 0.18010147 0.30145919 0.32507402
 0.39469071 0.46255557 0.50687845 0.57205466 0.63574079 0.65665283
 0.75896522 0.77899657 0.81864787 0.83827246 0.95334181 0.06412699
 0.1001702  0.11803317 0.15344949 0.20582179 0.22308425 0.30799355
 0.35786118 0.40695858 0.45531481 0.47127363 0.51868392 0.54991162
 0.56541443 0.6418522  0.74599671 0.77516895]



### Extract first thirty-two bits of the fractional part
Shift the fractional part of the cube roots 32 bits in front of decimal point to bring the first 32 binary digits into the integer part, then convert it to an integer.


In [729]:
# A list to hold the first 32 bits of the fractional parts of the cube roots.
bits = []
# Loop through each fractional part of the cube roots.
for number in fractional:
    # Shift the fractional part 32 bits to the left to bring the digits into the integer part.
    shifted = number * (2 ** 32)
    # Convert the result to an integer and append it to the bits list.
    bits.append(int(shifted))

# Print the integer representation of the first 32 bits of the fractional parts of the cube roots.
print(bits)


[1116352408, 1899447441, 3049323471, 3921009573, 961987163, 1508970993, 2453635748, 2870763221, 3624381080, 310598401, 607225278, 1426881987, 1925078388, 2162078206, 2614888103, 3248222580, 3835390401, 4022224774, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, 2554220882, 2821834349, 2952996808, 3210313671, 3336571891, 3584528711, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, 2177026350, 2456956037, 2730485921, 2820302411, 3259730800, 3345764771, 3516065817, 3600352804, 4094571909, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, 2227730452, 2361852424, 2428436474, 2756734187, 3204031479, 3329325298]


### Display result in hexadecimal
Convert the fractional bits to be displayed in hexadecimal.


In [730]:
# A list to hold the hexadecimal representation of the bits.
hex_bits = []
for bit in bits:
    # Format each integer as an 8 character hexadecimal string.
    hex_bits.append(f"{bit:08x}")

# Print the hexadecimal representation of the bits.
print(hex_bits)


['428a2f98', '71374491', 'b5c0fbcf', 'e9b5dba5', '3956c25b', '59f111f1', '923f82a4', 'ab1c5ed5', 'd807aa98', '12835b01', '243185be', '550c7dc3', '72be5d74', '80deb1fe', '9bdc06a7', 'c19bf174', 'e49b69c1', 'efbe4786', '0fc19dc6', '240ca1cc', '2de92c6f', '4a7484aa', '5cb0a9dc', '76f988da', '983e5152', 'a831c66d', 'b00327c8', 'bf597fc7', 'c6e00bf3', 'd5a79147', '06ca6351', '14292967', '27b70a85', '2e1b2138', '4d2c6dfc', '53380d13', '650a7354', '766a0abb', '81c2c92e', '92722c85', 'a2bfe8a1', 'a81a664b', 'c24b8b70', 'c76c51a3', 'd192e819', 'd6990624', 'f40e3585', '106aa070', '19a4c116', '1e376c08', '2748774c', '34b0bcb5', '391c0cb3', '4ed8aa4a', '5b9cca4f', '682e6ff3', '748f82ee', '78a5636f', '84c87814', '8cc70208', '90befffa', 'a4506ceb', 'bef9a3f7', 'c67178f2']


### Test results against Secure Hash Standad 
This section compares the computed hexadecimal bits against the hex list defined in the Secure Hash Standard (FIPS 180-4).

In [731]:
# The expected SHA-256 constants (from FIPS 180-4 4.2.2) in hexadecimal format for comparison.
# See: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
shs_hex_list = [
    "428a2f98", "71374491", "b5c0fbcf", "e9b5dba5", "3956c25b", "59f111f1", "923f82a4", "ab1c5ed5",
    "d807aa98", "12835b01", "243185be", "550c7dc3", "72be5d74", "80deb1fe", "9bdc06a7", "c19bf174",
    "e49b69c1", "efbe4786", "0fc19dc6", "240ca1cc", "2de92c6f", "4a7484aa", "5cb0a9dc", "76f988da",
    "983e5152", "a831c66d", "b00327c8", "bf597fc7", "c6e00bf3", "d5a79147", "06ca6351", "14292967",
    "27b70a85", "2e1b2138", "4d2c6dfc", "53380d13", "650a7354", "766a0abb", "81c2c92e", "92722c85",
    "a2bfe8a1", "a81a664b", "c24b8b70", "c76c51a3", "d192e819", "d6990624", "f40e3585", "106aa070",
    "19a4c116", "1e376c08", "2748774c", "34b0bcb5", "391c0cb3", "4ed8aa4a", "5b9cca4f", "682e6ff3",
    "748f82ee", "78a5636f", "84c87814", "8cc70208", "90befffa", "a4506ceb", "bef9a3f7", "c67178f2"
]

# Compare the computed hexadecimal values with the expected SHA-256 constants.
if hex_bits == shs_hex_list:
    print("The computed hexadecimal values match the expected SHA-256 constants.")
else:
    print("The computed hexadecimal values do not match the expected SHA-256 constants.")

The computed hexadecimal values match the expected SHA-256 constants.


## Problem 3: Padding


The `block_parse` function is a generator that follows the Secure Hash Standard's rules for padding and block parsing. It accepts a bytes object as input and yields each 512-bit (64-byte) block of the message after applying the required padding. Padding is performed by appending a '1' bit, followed by zero bytes, and then the original message length represented as an 8-byte big-endian integer. Each block yielded by the function is ready for processing by SHA cryptographic routines. 

In [732]:
def block_parse(message):
    """Pad a bytes message for SHA-256 and yield 64‑byte blocks."""
    #  Message length in bits (len(message) is bytes; 1 byte = 8 bits).
    message_length = len(message) * 8  

    # Append 0x80 (a single '1' bit then seven '0' bits) as the required '1' bit padding.
    padded_message = message + b'\x80'
    
    # Compute how many 0x00 bytes to add so total length is 56 (mod 64), leaving 8 bytes for the length field.
    zero_padding = (56 - len(padded_message) % 64) % 64

    # Append the computed zero bytes (k) to reach the 56 mod 64 boundary.
    padded_message +=  b'\x00' * zero_padding 

    # Append original message length in bits as a 64‑bit big‑endian integer.
    padded_message += message_length.to_bytes(8, 'big')
    
    # Yield successive 64‑byte (512‑bit) blocks: using a generator avoids building a list of blocks in memory making it more efficient.
    for i in range(0, len(padded_message), 64):
        yield padded_message[i:i+64]

### Get the message length in bits 
`len(message) * 8`

One character is 8 bits. To get the lenght of the message in bits the length must be multiplied by 8.
len(message) returns the number of bytes (3). Multiply by 8 to get the length in bits (3 * 8 = 24). SHA padding and length fields use bit-length.

In [733]:
# Example 
message = b"abc"
message_length = len(message) * 8
print(message)
print(message_length)

# lenght of 'abc' is 3 = 24 bits

b'abc'
24


### Append a byte with a single '1' bit followed by seven '0' bits
`message + b'\x80'`

`b'\x80'`is a bytes literal containing a single byte 0x80 (binary 10000000). In SHA padding this represents the required "1" bit followed by seven "0" bits.

In [734]:
# The original message in binary.
print(' '.join(f'{byte:08b}' for byte in message))  

# The message after padding with '1' bit and seven '0' bits at the end.
padded_message = message + b'\x80'
print(' '.join(f'{byte:08b}' for byte in padded_message))  

01100001 01100010 01100011
01100001 01100010 01100011 10000000


### Compute number of zero bytes to reach 56 (mod 64)
`(56 - len(padded_message) % 64) % 64`

This calculates how many 0x00 bytes to append after the single 0x80 byte so the total length before the final 8‑byte length field is congruent to 56 modulo 64 (56 bytes into a 64‑byte block). SHA-256 requires the last 8 bytes of the final block to hold the message bit-length.

In [735]:
# Calculate the number of zero bytes to pad so that the length is 56 mod 64 bytes
zero_padding = (56 - len(padded_message) % 64) % 64
print(zero_padding)

52


### Append k zero bytes 
`padded_message += b'\x00' * k`

Appends k zero bytes (each 0x00) to the bytes object padded_message.
Used here to ensure (message + 0x80 + zero_padding) is 56 bytes modulo 64 so the final 8‑byte length field can be appended and the full padded message length becomes a multiple of 64 bytes (512 bits), as required by SHA-256 padding.

In [736]:
# Append k zero bytes
padded_message +=  b'\x00' * zero_padding
print(padded_message)

b'abc\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'


### Append the original message length as a 64-bit block
`message_length.to_bytes(8, 'big')`

Converts the integer message_length into an 8‑byte (64‑bit) big‑endian bytes object.
'big' means the most significant byte goes first, which matches the SHA‑256 / FIPS 180 convention.

`padded_message += message_length.to_bytes(8, 'big')`

Appends that 8‑byte length field to the padded message. In SHA‑256 this final 64‑bit value holds the original message length (in bits) and completes the padding so the total length is a multiple of 64 bytes (512 bits).

In [737]:
# Append the original message length as a 64-bit block 
padded_message += message_length.to_bytes(8, 'big')
print(padded_message)

b'abc\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18'


### Helper Function 
The  `print_blocks` helper fucntion prints each block in binary for review.

Prints the input message and then shows each 512‑bit (64‑byte) block produced by block_parse(msg) in binary per byte form. This helper function is used to verify SHA padding and block parsing.

In [738]:
def print_blocks(msg):
    """Print the binary and hexadecimal representation of each 512-bit block."""
    print(f"Input: {msg}")
    # Parse the message into 512-bit blocks and print each block in binary and hexadecimal format.
    # Iterate over each block 
    for i, block in enumerate(block_parse(msg)):
        # Convert each block to an 8-bit binary string and display in hexidecimal.
        print(f"Block {i + 1}: ", end='') 
        # Display in binary 
        print(' '.join(f'{byte:08b}' for byte in block)) 
        # print(f"Block {i + 1}: {block.hex()}") # display in hexadecimal
    print()

### Test Block Parse Function 
This section tests the `block_parse` function with various inputs to verify its correctness.The first step of SHA padding appends a single '1' bit and then zeros.
We represent that initial '1' bit plus seven zeros as the single byte `0x80` (binary `10000000`) and append it to the message.

Important: the message must be a `bytes` object (for example `b"abc"`).
If your message is a `str`, convert it first using `message.encode('utf-8')` before concatenating `b'\x80'`.

After appending `0x80` we will add zero bytes until the padded message length is congruent to 56 (mod 64),
and finally append the 64-bit big-endian length of the original message. The code cell below shows the immediate result after appending `0x80`.


In [739]:
# Test 1: Short message
print_blocks(b"abc")

# Test 2: Message that fits exactly in one block (55 bytes)
print_blocks(b"A" * 55)

# Test 3: Message that causes two blocks (more than 56 bytes)
print_blocks(b"B" * 60)

# Test 4: Empty message
print_blocks(b"")

# Test 5: Message of length exactly 64 bytes (should cause two blocks)
print_blocks(b"C" * 64)

Input: b'abc'
Block 1: 01100001 01100010 01100011 10000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00011000

Input: b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
Block 1: 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 01000001 0

## Problem 4: Hashes

Calculates the next hash value given the current hash value and the next message block according to section 6.2.2 SHA-256 Hash Computation on page 22 of the Secure Hash Standard.


Preprocessing stage of sha-256 

In [740]:
def get_message_blocks(message):
    """Return a list of 512-bit blocks; each block is a list of 16 big-endian 32-bit words."""
    # Create an empty list to hold all blocks - each block is a list of 16 words
    blocks = []  
    # 'Message' is the result of call block_parse(msg) which yields 64-byte blocks and iterate over each block
    # We take each 64 byte block and split it into 16 pieces of 4 bytes so the algorithm can treat each piece as one 32‑bit number.
    for block_bytes in message:
        # Create a list to hold the 16 words for this current block
        words = []  
        # There are 16 words per 64-byte block
        for i in range(16):  
            # Take 4 bytes for the 32-bit word 
            chunk = block_bytes[i*4:(i+1)*4]  
            # Convert the 4 byte big-endian chunk into an int and append
            words.append(int.from_bytes(chunk, 'big'))  
            # Append the completed list of 16 words for this block to the blocks list
        blocks.append(words)  
     # Return the list of all blocks - each block is a list of 16 integers
    return blocks 

In [741]:
# initial hash values for SHA-256 section 6.2.2)
H_0_words = [
    np.uint32(0x6a09e667),
    np.uint32(0xbb67ae85),
    np.uint32(0x3c6ef372),
    np.uint32(0xa54ff53a),
    np.uint32(0x510e527f),
    np.uint32(0x9b05688c),
    np.uint32(0x1f83d9ab),
    np.uint32(0x5be0cd19),
]

def H_0():
    return H_0_words.copy()


In [742]:
# preprocessing steps 
msg = (b"abc")
H = H_0()
# padding and parsing the message 
# padding and parsing the message 
message = block_parse(msg)
message_blocks = get_message_blocks(message)

In [743]:
K = [np.uint32(int(x, 16)) for x in shs_hex_list]

In [744]:
def hash(current, block):
    """Compute the SHA-256 hash of the given message blocks."""
    # Write a function hash(current, block) that calculates the next hash value given the current hash value and the next message block according to section 6.2.2 SHA-256 Hash Computation on page 22 of the Secure Hash Standard.
    # process each 512-bit block
    # W stores the 64 32-bit words for the current message block
    W = []
    # PART 1 - Prepare the message schedule for the first 16 32-bit blocks 
    # Each 512-bit block is split into 16 big-endian 32-bit words to prepare for the message schedule.
    for t in range(16):
        # Each word is copied into the list 'W' and masked with `0xffffffff` to ensure they remain 32-bit integers.
        W.append(int(block[t]) & 0xffffffff)
    # Prepare the message schedule for the first 16 32-bit blocks 
    # For each t in rnage 16-64 expand the message into a 64-word schedule that mixes input bits to finish the message schedule.
    for t in range(16, 64):
        s1 = sigma_lower_1(W[t - 2])
        s0 = sigma_lower_0(W[t - 15])
        new_w = (int(s1) + W[t - 7] + int(s0) + W[t - 16]) & 0xffffffff
        # Append each new word to W, ensuring it remains a 32-bit integer.
        W.append(new_w)

    # PART 2 - Initialise the eight working variables 
    # Copy the intermediate hash words into working variables defined in the SHA-256 specification.
    # Mask each working variable with `0xffffffff` to keep 32-bit behavior. These variables are then updated by each of the 64 rounds.    
    a = int(current[0]) & 0xffffffff
    b = int(current[1]) & 0xffffffff
    c = int(current[2]) & 0xffffffff
    d = int(current[3]) & 0xffffffff
    e = int(current[4]) & 0xffffffff
    f = int(current[5]) & 0xffffffff
    g = int(current[6]) & 0xffffffff
    h = int(current[7]) & 0xffffffff

    # PART 3 - Shuffle the values 
    # For each round in the 64 rounds of SHA-256, update the working variables using the SHA-256 functions and constants.
    for t in range(64):
        T1 = (int(h) + int(sigma_upper_1(e)) + int(ch(e, f, g)) + int(K[t]) + int(W[t])) & 0xffffffff
        T2 = (int(sigma_upper_0(a)) + int(maj(a, b, c))) & 0xffffffff

        h = g
        g = f
        f = e
        e = (d + T1) & 0xffffffff # Mask each addition with `0xffffffff` to model the 32-bit overflow.
        d = c
        c = b
        b = a
        a = (T1 + T2) & 0xffffffff # Mask each addition with `0xffffffff` to model the 32-bit overflow.

    # PART 4 - Compute the intermediate hash value
    # After 64 rounds, the working variables are added back into H:
    # Each variable is converted to np.uint32 to keep 32-bit representation.
    H = np.array([
        a + current[0], b + current[1], c + current[2], d + current[3],
        e + current[4], f + current[5], g + current[6], h + current[7],
    ], dtype=np.uint32)

    # return digest bytes (32 bytes)
    return H

### Helper function 
The H_to_digest helper converts the internal hash state into the final 32-byte SHA-256 digest. It:
- casts each word to a an int,
- encodes each word as a 4-byte big-endian value (most significant byte first),
- concatenates the eight 4-byte values to produce the 32-byte digest.
Use H_to_digest(H).hex() to get the hexadecimal string for display. Big-endian ordering matches the SHA-256 spec.

In [745]:
def H_to_digest(H):
    """Convert list of 8 words into 32-byte digest bytes."""
    # Cast each word to an int then convert to 4 bytes big-endian.
    # int(word).to_bytes(4, 'big') : 4-byte big-endian representation of the 32-bit word.
    # b''.join(...) : concatenates the 8 four-byte words into the final 32-byte digest.
    return b''.join(int(word).to_bytes(4, 'big') for word in H)


### Preprocessing steps 

- `H = H_0()` - load initial hash constants from a function to just call a simple H instead of a heax value evry time.
- `N = len(block)` - number of 512-bit blocks to process.
- `for i in range(N)` - process each block in order.


### Preparing the message schedule W for the first block (16 words).

Take the first 512‑bit block and put those 16 big‑endian 32‑bit numbers into a list named W. Masking each word with 0xFFFFFFFF forces them to behave as unsigned 32‑bit values, and this list W becomes the starting 16 words that will later be expanded to a 64‑word message schedule used in the 64 SHA‑256 rounds.

In [746]:
# Take the first 512-bit message block (contains 16 32-bit words)
block0 = message_blocks[0]
# Mask each word to 32 bits to ensure unsigned 32-bit behavior
W = [w & 0xFFFFFFFF for w in block0]
# Print the first 16 words in 8-digit hexadecimal form for inspection
print("W[0..15] (hex):", [f"{w:08x}" for w in W])

W[0..15] (hex): ['61626380', '00000000', '00000000', '00000000', '00000000', '00000000', '00000000', '00000000', '00000000', '00000000', '00000000', '00000000', '00000000', '00000000', '00000000', '00000018']


### Message schedule expansion for t >= 16.

The loop expands the initial 16 words into 64 by repeatedly combining shifted versions of nearby earlier words plus two older words, using 32‑bit addition with wraparound so the result matches the SHA‑256 specification.

In [747]:
for t in range(16, 64):
    # Compute small-sigma1 on W[t-2] (bit shifts)
    s1 = sigma_lower_1(W[t - 2])
    # Compute small-sigma0 on W[t-15] (bit shifts)
    s0 = sigma_lower_0(W[t - 15])
    # Form new W[t] = (s1 + W[t-7] + s0 + W[t-16]) mod 2^32 and append
    W.append((s1 + W[t - 7] + s0 + W[t - 16]) & 0xFFFFFFFF)

# Print a few expanded words in hex for inspection
print("W[16..19] (hex):", [f"{W[i]:08x}" for i in range(16, 20)])
# Confirm W has been expanded to 64 words
print("Total W length:", len(W))

W[16..19] (hex): ['61626380', '000f0000', '7da86405', '600003c6']
Total W length: 64


### Initialise working variables from current H 

Initialize a..h by copying the eight 32‑bit words from the current hash state H (masked to 32 bits) so the compression function operates on local working variables that are updated across the 64 rounds.

In [748]:
# Copy intermediate hash words into working variables a..h, ensuring 32-bit wraparound
a = H[0] & 0xFFFFFFFF  
b = H[1] & 0xFFFFFFFF  
c = H[2] & 0xFFFFFFFF 
d = H[3] & 0xFFFFFFFF 
e = H[4] & 0xFFFFFFFF  
f = H[5] & 0xFFFFFFFF 
g = H[6] & 0xFFFFFFFF 
h = H[7] & 0xFFFFFFFF 

# Print the initial working variables in hexadecimal for quick inspection
print("a..h initial (hex):", [hex(v) for v in (a, b, c, d, e, f, g, h)])

a..h initial (hex): ['0x6a09e667', '0xbb67ae85', '0x3c6ef372', '0xa54ff53a', '0x510e527f', '0x9b05688c', '0x1f83d9ab', '0x5be0cd19']


### One round demonstration: compute T1 and T2 and update working vars.

This cell shows a single SHA‑256 compression round: it computes `T1 = (h + Σ1(e) + Ch(e,f,g) + K_t + W_t)` and `T2 = (Σ0(a) + Maj(a,b,c))`, masks both to 32 bits to model modular 2^32 arithmetic, then advances the working registers by rotating the variables and updating `e = (d+T1)` mod 2^32 and `a = (T1+T2)` mod 2^32.

In [749]:
t = 0
# Compute T1 and T2 cast results to Python int to avoid numpy scalar overflow,
# Then mask to 32 bits to model 32-bit wraparound)
T1 = (int(h) + int(sigma_upper_1(e)) + int(ch(e, f, g)) + int(block0[t]) + int(W[t])) & 0xFFFFFFFF
T2 = (int(sigma_upper_0(a)) + int(maj(a, b, c))) & 0xFFFFFFFF

# Shuffle variables as in SHA-256 round:
h = g
g = f
f = e
e = (d + T1) & 0xFFFFFFFF
d = c
c = b
b = a
a = (T1 + T2) & 0xFFFFFFFF

# Print the results 
print(f"Round {t}: T1={T1:08x}, T2={T2:08x}")
print("a..h after round (hex):", [f"{v:08x}" for v in (a,b,c,d,e,f,g,h)])

Round 0: T1=73b284d0, T2=08909ae5
a..h after round (hex): ['7c431fb5', '6a09e667', 'bb67ae85', '3c6ef372', '19027a0a', '510e527f', '9b05688c', '1f83d9ab']


### Test Hash
This section performs an end-to-end test of the SHA-256 implementation. It:
- uses the message b'abc',
- applies padding and parses the message into 512-bit blocks,
- runs the compression function on each block to update the intermediate hash state,
- converts the final 8-word state to a 32-byte digest and prints the hex representation.

The known correct SHA-256 digest for "abc" is:
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

Compare the printed out

In [750]:
# Message as a bytes object
msg = b'abc'
# Pad, parse and convert the padded message into 512-bit blocks.
# Each block returned by block_parse(msg) is 64 bytes - get_message_blocks() converts each 64-byte block into a list of 16 big-endian 32-bit words.
message_blocks = get_message_blocks(block_parse(msg))  
# Initialise the hash state to the SHA-256 initial constants.
H = H_0()
# Process each 512-bit block through the SHA-256 compression function.
for block in message_blocks:
    # Update the intermediate hash state with this block.
    H = hash(H, block)
    # Convert the 8-word internal state into a 32-byte digest and then to hex.
    digest_hex = H_to_digest(H).hex()
    # Print the final SHA-256 digest for this message.
    print("SHA-256 Digest:", digest_hex)

SHA-256 Digest: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad


## Problem 5: Passwords


In [751]:
# The following are the SHA-256 hashes of three common passwords that have been hashed using one pass of the SHA-256 algorithm. As strings, they were encoded using UTF-8. Determine the passwords and explain how you found them. 
# common passwords 

hashed_passwords_list = ["5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", 
                  "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34",
                  "b03ddf3ca2e714a6548e7495e2a03f5e824eaac9837cd7f159c67b90fb4b7342"]


In [752]:
K = [np.uint32(int(x, 16)) for x in shs_hex_list]

In [None]:
def find_password(hashed_passwords, password_list):
    targets = set(h.lower() for h in hashed_passwords)
    # Dictionary to hold found passwords
    found = {}

    f = open(password_list)
    passwords = f.readlines()

    for password in passwords:
        # Remove trailing spaces from the text 
        password = password.strip()

        # Encode the password as UTF-8
        msg = password.encode('utf-8')
        # Pad and parse the message into blocks
        message = block_parse(msg) # yields 64-byte blocks
        message_blocks = get_message_blocks(message) # list of blocks (each is 16-word list)

        # Start from initial chaining value
        H = H_0()

        for block_words in message_blocks:
            H = hash(H, block_words)

        digest_hex = H_to_digest(H).hex()

        if digest_hex in hashed_passwords and digest_hex not in found:
            # print(f"Password found: {password} -> {digest_hex}")
            found[digest_hex] = password
            # stop early if all passwords have been found 
            if len(found) == len(targets):
                break

    return found

In [762]:
# runs for about 20 seconds 
result = find_password(hashed_passwords_list, "common_passwords_10000.txt")

# loop through all passwords in found dictionary containing the password and the hash. 
for hashed, password in result.items():
    # print the found password with its hash
    print(f"Password found: {password} -> {hashed}")


Password found: password -> 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
Password found: cheese -> 873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34
Password found: P@ssw0rd -> b03ddf3ca2e714a6548e7495e2a03f5e824eaac9837cd7f159c67b90fb4b7342


In [771]:
# Loop through in password in the found list and compare them against the given hash values  
for hashed, password in result.items():
    # Check if the hashed password is in the given password list 
    if hashed in hashed_passwords_list:
        match = hashed_passwords_list.index(hashed)
        # compare and print True if they match
        print(hashed == hashed_passwords_list[match], ": the password matches")


True : the password matches
True : the password matches
True : the password matches


### Test the find_passwords function
This sections emsures the found hashes are correct compared to the given ones 

### How the passwords were found

To decipher the paswords that were hashed with one pass i of the SHA-256 algorithm I used a dictionary attack. A dictionary attack is essentially systematically trying every word in a dictionary to find a match.([see reference](https://rublon.com/blog/brute-force-dictionary-attack-difference/))


In this case, the dictionary used was a list of 10,000 common passwords. The `find_passwords()` operates by:

1 - Taking in a list of hashed passwords and a text file of common passwords in plain text.</br>
2 - Stripping the passwords of any trailing spaces.</br>
3 - Encoding the passwords to standard UTF-8.</br>
4 - Padding and parsing the password to be hashed.</br>
5 - Hashing the password.</br>
6 - Comparing the target hash against the hash computed from the dictionary.</br>

In short, I found the passwords by gathering a list of 10,000 common passwords, hasing each individual password in the list, and finally comparing it to the target hashes, which resulted in finding all target hashes.


### Suggest ways in which the hashing of passwords could be improved to prevent the kind of attack you performed to find the passwords

To increase the strength of a passwords, prepending can be used. Prepending is when information is added to the beginning of a password or a string to increase the security. ([see reference](https://www.swindx.com/glossary/prepending/))

To use prependings to improve the hashing you can take the first few numbers of the hash and prepend it to the origional hash 

For example:</br>
One common password is 'password' its hash is : 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

Extract the firts 8 digits and prepend it this is the output :
5e884895e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

Why this works
</br>
- Changing the hash value to a fixed it amount makes it much harder the perform an attack on.
- Prepending the hash value would make it prevent it from appearing in a dictionary attack.



As you can see, with a few simple changes prepending is a quick and efficient method to strenghten a password.

## End