<a href="https://colab.research.google.com/github/hthomas229/PurpleCrown/blob/main/hashlib.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

#hashlib
A built in Python module for hashing.

A one-way function tht converts data into a fixed-size string of bytes (i.e a digest).

Used for:

*   Password storage
*   Data integrity verification
*   Digital signatures
*   Blockchain verification -- show slide




In [None]:
import hashlib

Check all available algorithms

In [None]:
hashlib.algorithms_available

{'blake2b',
 'blake2s',
 'md5',
 'md5-sha1',
 'sha1',
 'sha224',
 'sha256',
 'sha384',
 'sha3_224',
 'sha3_256',
 'sha3_384',
 'sha3_512',
 'sha512',
 'sha512_224',
 'sha512_256',
 'shake_128',
 'shake_256',
 'sm3'}

Basic String Hashing

In [None]:
text = "Hello Newman!"
result = hashlib.sha256(text.encode())
result.hexdigest()

'9b9a7059910b2238bd574e1a8b08a772a51e451aa500a7046ab07c39a7e33412'

‚úÖ .encode() ‚Äî required because hashing functions work on bytes

‚úÖ .hexdigest() ‚Äî converts binary digest to a readable hex string

Password Hashing with Verification

In [None]:
# hash

original = "My$uperSecretPassword123"

hashed = hashlib.sha256(original.encode())
hash_value = hashed.hexdigest()

print(f"Original : {original}")
print(f"SHA256 Hash:  {hash_value}")

Original : My$uperSecretPassword123
SHA256 Hash:  0e13224d68bcd37c4c0dd8561ae562faeb818bab9c8b49d4a52d82ae034cddb1


In [None]:
#verify
import hashlib

stored_hash = "0e13224d68bcd37c4c0dd8561ae562faeb818bab9c8b49d4a52d82ae034cddb1"  # from database
user_input = input("Enter password: ")

# Re-hash input
input_hash = hashlib.sha256(user_input.encode()).hexdigest()

if input_hash == stored_hash:
    print("‚úÖ Password verified!")
else:
    print("‚ùå Invalid password.")


Enter password: password123
‚ùå Invalid password.


##Incremental Updates

You can hash in chunks

In [None]:
h = hashlib.sha256()
h.update(b"Hello")   #b tells Python this is already bytes (ASCII string) so no need to encode
h.update(b" ")
h.update(b"Newman")
h.update(b"!")
print(h.hexdigest())

9b9a7059910b2238bd574e1a8b08a772a51e451aa500a7046ab07c39a7e33412


##üßÇ  Adding Salt for Security:

Salt appends or prepends extra data to prevent üåàrainbow attacks.  Hacker just try a rainbow of commmon passwords until one works. The added salt throws them off



In [None]:
import hashlib
import secrets

In [None]:
password = "my$uperSecretPassword123".encode()
salt = secrets.token_bytes(16)  #random 16 byte salt;  remember to use secrets not random for true randomness

hashed = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)   #100_000 is number of iterations
hashed.hex()

'afa2661ea2ad683bc0edea7fa26caf11b1285cac16113a49eb04a584c3b9d48e'

Notice I used pbkdf2_hmac in the last cell.

‚úÖ pbkdf2_hmac is a secure password hashing method built into hashlib.



It uses HMAC + key stretching (repeated hashing).


##Advanced  -- PBKDF2_HMAC for Passwords

In [None]:
import hashlib
import secrets

def hash_password(password):
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac(
        'sha256',  # Algorithm
        password.encode('utf-8'),  # Convert to bytes
        salt,  # Salt
        100_000  # Iterations
    )
    return salt, key

def verify_password(stored_salt, stored_key, password_attempt):
    new_key = hashlib.pbkdf2_hmac('sha256', password_attempt.encode(), stored_salt, 100_000)
    return new_key == stored_key

# Example usage
salt, key = hash_password("harold123")
print("Stored hash:", key.hex())

print(verify_password(salt, key, "harold123"))  # ‚úÖ True
print(verify_password(salt, key, "wrongpass"))  # ‚ùå False


Stored hash: c017868afcb83523a9c957708c385c4df0ca069c12df10ac7c419fa2ce75b41e
True
False


#HMAC (Hash Based Message Authentication)

Ensures integrity and authenticity

In [None]:
import hmac
import hashlib

key = b'secretkey'
msg = b'hello newman'

signature = hmac.new(key, msg, hashlib.sha256).hexdigest()
print(signature)


90412448bacfa12bb9229da0fc6c4ef4a939637dbf81ea02b9c7e18eaac75ec2


üß∞ Quick Summary



*   simple hashing  -- hashlib.sha256()
*   secure passsword hashing --  hashlib.pbkdf2.hmac()
*   message authentication -- hmac.new()





Note:   Thes are the basic hashlib functions.  For secure production apps you should use bcrypt, scrypt or argon2.  I iwill cover those next in that order.

