# Cryptographic Hashing

Explore cryptographic hash functions and their properties using SHA-256.

In [1]:
import hashlib  # Python's standard library for various hash algorithms


In [2]:
# Let's look at a message that contains Unicode characters - any modern text!
message = "Hello, ÏïàÎÖïÌïòÏÑ∏Ïöî, ¬°√Årv√≠zt≈±r≈ë t√ºk√∂rf√∫r√≥g√©p! @ üè´üìöüíªüéì"
print(message)


Hello, ÏïàÎÖïÌïòÏÑ∏Ïöî, ¬°√Årv√≠zt≈±r≈ë t√ºk√∂rf√∫r√≥g√©p! @ üè´üìöüíªüéì


To hash something, we first need to convert it to bytes using UTF-8 encoding
Hash functions work on bytes, not strings


In [4]:
bytestring = "Hello, ÏïàÎÖïÌïòÏÑ∏Ïöî, ¬°√Årv√≠zt≈±r≈ë t√ºk√∂rf√∫r√≥g√©p! @ üè´üìöüíªüéì".encode("utf-8")
print(bytestring)


b'Hello, \xec\x95\x88\xeb\x85\x95\xed\x95\x98\xec\x84\xb8\xec\x9a\x94, \xc2\xa1\xc3\x81rv\xc3\xadzt\xc5\xb1r\xc5\x91 t\xc3\xbck\xc3\xb6rf\xc3\xbar\xc3\xb3g\xc3\xa9p! @ \xf0\x9f\x8f\xab\xf0\x9f\x93\x9a\xf0\x9f\x92\xbb\xf0\x9f\x8e\x93'


In [13]:
# We can always convert bytes back to a string - UTF-8 encoding is reversible
print("Say hi again! " + bytestring.decode("utf-8"))


Say hi again! My message to the world: Say H√§llo to a better hash!


Here's a simple (and very insecure!) hash function to understand the concept
Remember: This is for learning only - never use this in real applications!
We just sum the ASCII values of characters and take modulo 100
See how similar messages produce different hashes


In [14]:
def naivehash(val):
    return str(sum(ord(c) for c in val) % 100)


print("Hash of 'Hello Hashed Message!':   " + naivehash("Hello Hashed Message!"))
print("Hash of 'Hello Hashed Message 2!': " + naivehash("Hello Hashed Message 2!"))


Hash of 'Hello Hashed Message!':   95
Hash of 'Hello Hashed Message 2!': 77


Now let's use SHA-256, a real cryptographic hash function
SHA-256 is what you'll use in real applications because it:
- Always outputs 256 bits (shown as 64 hex characters)
- Practically eliminates chance of collisions
- Can't be reversed to find your input
- Changes completely even if input changes slightly
Create hash and convert to hexadecimal string


In [7]:

bytestring = "My message to the world: Say H√§llo to a better hash!".encode("utf-8")
print("Original message: ")
print(bytestring)

hashed_message = hashlib.sha256(bytestring).hexdigest()
print()
print("Hash: " + hashed_message)


Original message: 
b'My message to the world: Say H\xc3\xa4llo to a better hash!'

Hash: faaff924d97daa6ee5b5e4d2a8eb20aaaba93d0aad6ca50244b3cc13e8383bef


Watch how a tiny change (just capitalizing one letter)
creates a completely different hash!
Even though the messages differ by just one bit,
the hashes are entirely different. This is a key
feature of cryptographic hash functions called
the "avalanche effect"


In [17]:
message1 = "hello"
message2 = "Hello"

hash1 = hashlib.sha256(message1.encode()).hexdigest()
hash2 = hashlib.sha256(message2.encode()).hexdigest()

print(f"Message 1: {message1}")
print(f"Hash 1:    {hash1}")
print()
print(f"Message 2: {message2}")
print(f"Hash 2:    {hash2}")



Message 1: hello
Hash 1:    2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Message 2: Hello
Hash 2:    185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969


In [9]:
# Adding salt (think: Rainbow Tables)
SALT = "__my_random_text_12123414"  # Keep this secret
true_password = "my_password"

salted_true_password = true_password + SALT
print(f"Salted Password is: {salted_true_password}")
true_password_hash = hashlib.sha256(salted_true_password.encode()).hexdigest()


def check_password(login_password_value):
    salted_value = login_password_value + SALT
    return hashlib.sha256(salted_value.encode()).hexdigest() == true_password_hash


Salted Password is: my_password__my_random_text_12123414


Let's look at the scale of SHA-256:
Each hash is 64 characters, and the number of possible values is enormous


In [18]:
print(f"Original Text: {bytestring.decode('utf-8')}")
print(f"Hashed message: {hashed_message}")
print(
    f"The SHA-256 hash is always {len(hashed_message)} characters long and it can take the values 0-9a-f (16 values)."
)
print(f"Number of possible hashes: {16 ** len(hashed_message)}")


Original Text: My message to the world: Say H√§llo to a better hash!
Hashed message: faaff924d97daa6ee5b5e4d2a8eb20aaaba93d0aad6ca50244b3cc13e8383bef
The SHA-256 hash is always 64 characters long and it can take the values 0-9a-f (16 values).
Number of possible hashes: 115792089237316195423570985008687907853269984665640564039457584007913129639936


In [19]:
print("Trying `wrong_password`. Success: " + str(check_password("wrong_password")))


Trying `wrong_password`. Success: False


In [20]:
print("Trying `my_password`. Success: " + str(check_password("my_password")))


Trying `my_password`. Success: True
