# Hashing Strings in Python

As a quick review from your Plebe Cyber Course, hash functions are one-way
functions with the following properties:

1. Easy (for a computer) to compute the hash for a string
2. Hard (takes way too long) to start with a hash value and construct a string
   that hashes to it
3. Impossible to start with a string and find a different string that hashes to
   the same value -- ideal hash functions produce unique keys

<img src="../images/09hashing.png" alt="Hashing Diagram" width="50%" height="50%" align="left" />
<br clear="all" />
<br clear="all" />

Python's hashing library is quite powerful.  To hash a string in Python
requires four basic steps:

1. Select the algorithm (digest) to use for hashing
2. Encode the string as a series of bytes
3. Hash the encoded string
4. Convert the result to a human-readable hexadecimal representation

### Selecting an algorithm

*The pros / cons and technical details of various hashing algorithms are beyond
the scope of this course.*

You can display the algorithms available on your system using the
`algorithms_available` constant attribute.  This constant lists all the
algorithms available in your system, including the ones available in the Python
distribution as well as those in the `OpenSSl` package.  To use a hashing
function, start by importing the
[hashlib](https://docs.python.org/3/library/hashlib.html) module within your
code.

In [None]:
import hashlib

print(hashlib.algorithms_available)


### Encoding a String as a Series of Bytes

You use the
[encode()](https://docs.python.org/3/library/stdtypes.html#str.encode) method
for string objects to accomplish this.  Encoding strings in byte format is
usually an intermediate step.  We don't normally print the results of byte
encoding, but we can.

<br clear="all" />
<img src="../images/00check.png" align="left" />
<br clear="all" />

When you run the code below, how does Python indicate that a printed string is
encoded in byte format?

In [None]:
import hashlib

s = "Hello World"
sEncoded = s.encode()
print(sEncoded)


### Hashing and Converting to Readable Format

The result of hashing a byte-encoded string is a hash object, which may not be
useful for presentation or analysis. Fortunately the
[hexdigest()](https://docs.python.org/3/library/hashlib.html#hashlib.hash.hexdigest)
method for hash objects converts them into a nice string format that we can
display and analyze.

*NOTE: When you create the `hashObject` in line 4, below, your input string
("Hello World") must be encoded as a sequence of bytes, rather being
represented as a plain string. The `encode()` method for string objects
accomplishes this.*

In [None]:
import hashlib

s = "Hello World"
hashObject = hashlib.md5(s.encode())
readableHash = hashObject.hexdigest()
print(readableHash)


### Practical Implementation

In practice, several of the steps above are usually combined to create concise
code.  Try the example below.

In [None]:
import hashlib

s = input("Enter a string: ")
hex = hashlib.sha1(s.encode()).hexdigest()
print(f"The sha1 hash of \"{s:s}\" is {hex:s}")


## Additional Resources

[Python's hashlib module](https://docs.python.org/3/library/hashlib.html)

[Cryptographic Hash Functions Explained: A Beginner’s
Guide](https://komodoplatform.com/cryptographic-hash-function/)

----

MIT License

Copyright 2019-2022 Peter Nardi

Terms of use:

Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
