## Blockchain 101

### How are passwords secured?  

Passwords are used to limit access to certain sensitive information and resources. Consequently they have to be stored safely, in addition to storing them in places inaccessible to unauthorised entities, they also need to be stored in a format that would be incoherent to an attacker in the event they got the stored password.

One method used to produce such formats is called hashing. When you hash a password, ideally the only feasible way to find out which password produced the hash is to keep guessing and comparing.


Open this [link](https://passwordsgenerator.net/sha256-hash-generator/) in a new window to use an online sha256 generator for the next section.  


#### Scenario  

You register an account on www.example.com with the following details:

email: someone@emailprovider.com  
password: passphrase

If www.example.com uses sha256 to hash their passwords, the result of 

`sha256_hash('passphrase')`  

will be

_1E089E3C5323AD80A90767BDD5907297B4138163F027097FD3BDBEAB528D2D68_ 

This is the value that will be stored in the database alongside your email address. The next time you need to log in, you'll provide your email and your plain-text password. Their system will hash the password you provide and compare it with the value they stored when you registered. If it is an exact match, then the password must be the one you used to register.  
Suppose you mistype the password when trying to log in and provide _passphras_, forgetting the _e_ at the end. The result of  

`sha256_hash('passphras')`  

is  

_A1A823955CF47EC05D4A893A191E5ECAD47BA62DFA7603CFA6DA6273914342D6_  

This does not match the value stored when you registered, hence the password is rejected.
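
The login check from this scenario, written out as an added example (not part of the original notebook), next to a salted, slow variant. A single unsalted SHA-256 pass is fast and gives identical stored values for identical passwords, which is why production systems store a per-user salt and use a password KDF instead; the names `register`, `login`, `demo` and the `ITERATIONS` value are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware


def sha256_hash(password: str) -> str:
    """The scheme from the scenario: one unsalted SHA-256 pass."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def register(password: str) -> dict:
    """Hardened storage: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": key.hex()}


def login(record: dict, attempt: str) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac(
        "sha256",
        attempt.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(key, bytes.fromhex(record["hash"]))


def demo() -> dict:
    # Constructed sample data: two users who happen to choose the same password.
    alice, bob = register("passphrase"), register("passphrase")
    return {
        # Unsalted: same password, same stored value for every user.
        "unsalted_equal": sha256_hash("passphrase") == sha256_hash("passphrase"),
        # Salted: same password, different stored value per user.
        "salted_equal": alice["hash"] == bob["hash"],
        "correct_login": login(alice, "passphrase"),
        "typo_login": login(alice, "passphras"),
    }


if __name__ == "__main__":
    print(demo())
```
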

#### Fun activity  

Using any method known to you or any of your friends, try to find out which string of characters   
produces the following hash.  

_A120C814F62ED670C00DD16E53ED6EAEB78A79731B449D3C47AA5115F907189C_   




<details><summary>CLICK HERE FOR THE SOLUTION</summary>
<p>
    
This is the text that produces that hash:

```
Passwords are used to limit access to certain sensitive information and resources. Consequently they have to be stored safely, in addition to storing them in places inaccessible to unauthorised entities, they also need to be stored in a format that would be incoherent to an attacker in the event they got the stored password.
```

</p>
</details>

### Practical hashing using sha256  
We'll be using sha256 primarily for this tutorial. It is a production-grade hashing algorithm.  

The following are the samples used in the article.

```python
# Native Python library containing implementations of popular hash algorithms
import hashlib
```

```python
hashlib.sha256(b"passphrase").hexdigest()
```

```
'1e089e3c5323ad80a90767bdd5907297b4138163f027097fd3bdbeab528d2d68'
```

```python
hashlib.sha256(b"passphras").hexdigest()
```

```
'a1a823955cf47ec05d4a893a191e5ecad47ba62dfa7603cfa6da6273914342d6'
```

```python
text = b"Passwords are used to limit access to certain sensitive information and resources. Consequently they have to be stored safely, in addition to storing them in places inaccessible to unauthorised entities, they also need to be stored in a format that would be incoherent to an attacker in the event they got the stored password."

hashlib.sha256(text).hexdigest()
```

```
'a120c814f62ed670c00dd16e53ed6eaeb78a79731b449d3c47aa5115f907189c'
```

### Other examples of hash algorithms and more samples

```python
hashlib.algorithms_available
```

```
{'BLAKE2b512',
 'BLAKE2s256',
 'MD4',
 'MD5',
 'MD5-SHA1',
 'MDC2',
 'RIPEMD160',
 'SHA1',
 'SHA224',
 'SHA256',
 'SHA384',
 'SHA512',
 'blake2b',
 'blake2b512',
 'blake2s',
 'blake2s256',
 'md4',
 'md5',
 'md5-sha1',
 'mdc2',
 'ripemd160',
 'sha1',
 'sha224',
 'sha256',
 'sha384',
 'sha3_224',
 'sha3_256',
 'sha3_384',
 'sha3_512',
 'sha512',
 'shake_128',
 'shake_256',
 'whirlpool'}
```

```python
hashlib.sha256(b"hello").hexdigest()
```

```
'2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824'
```

```python
hashlib.sha3_256(b"hello").hexdigest()
```

```
'3338be694f50c5f338814986cdf0686453a888b84f424d792af4b9202398f392'
```

```python
hashlib.sha3_512(b"hello").hexdigest()
```

```
'75d527c368f2efe848ecf6b073a36767800805e9eef2b1857d5f984f036eb6df891d75f72d9b154518c1cd58835286d1da9a38deba3de98b5a53e5ed78a84976'
```

```python
# Algorithms without a named constructor are reached through hashlib.new();
# whether they are available depends on the OpenSSL build (see algorithms_available).
h = hashlib.new('ripemd160')
h.update(b"hello")
h.hexdigest()
```

```
'108f07b8382412612c048d07d13f814118445acd'
```

```python
h = hashlib.new('whirlpool')
h.update(b"hello")
h.hexdigest()
```

```
'0a25f55d7308eca6b9567a7ed3bd1b46327f0f1ffdc804dd8bb5af40e88d78b88df0d002a89e2fdbd5876c523f1b67bc44e9f87047598e7548298ea1c81cfd73'
```

### Formal definition of a hash algorithm   
A hash function is a function that takes inputs of arbitrary size and fits them into a table or other data structure that contains fixed-size elements.

### Comparisons between hash algorithms, pros and cons.

Summary  
1. [Comparison of cryptographic hash functions - Wikipedia](https://en.wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions)  

Detailed  
1. [Hashing Functions and Their Uses In Cryptography - University of Missouri-St. Louis](http://www.umsl.edu/~siegelj/information_theory/projects/HashingFunctionsInCryptography.html)

2. [Introduction to Modern Cryptography (2nd edition) Chapter 5 (PDF)](http://web.cse.ohio-state.edu/~lai.1/5351/6.Hash.pdf)

3. [Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance](https://eprint.iacr.org/2004/035.pdf)


### Project Solution

```python
import hashlib

# Read lines forever and print the SHA-256 digest of each one (Ctrl+C to stop)
print("Infinite loop")
while True:
    text = input(">>> ")
    print(hashlib.sha256(bytes(text, 'utf-8')).hexdigest())
```

```
Infinite loop
>>> mango
6815f3c300383519de8e437497e2c3e97852fe8d717a5419d5aafb00cb43c494
>>> banana
b493d48364afe44d11c0165cf470a4164d1e2609911ef998be868d46ade3de4e
>>> I bet no one will ever crack this
0ac45018c4502cdaaf9e7ff932e972697012f793370a209fd40dddfdd35a83a4
```


[Yours Truly](https://github.com/wangai)