# 7.7: Ethical issues around Data Collection

### Learning Objectives:
- Explain the privacy risks of collecting and storing personal data on computer systems.

### Essential Knowledge:
- Data Collection: Methods (cookies, tracking, etc.)
- Ethical Data Use: Identifying Personal data (Personally Identifiable Information, Sensitive Personal Information)
- Security Practices: Data Encryption, Data Anonymization, Data Minimization

## Privacy Protection mechanisms
- Encryption: Encode data so that only authorized users can access it.
- Anonymization: Remove personal information from data.
- Data Minimization: Collect only necessary data.
- User Control: Allow users to control how their data is used.


```java
// String.hashCode() is a fast, non-cryptographic 32-bit hash; it is used here only to illustrate the idea

// Example string data
String originalData = "mySecretPassword123";

// Generate a hash code for the string
int hash = originalData.hashCode();

// Display the original data and its hash
System.out.println("Original Data: " + originalData);
System.out.println("Hash Code: " + hash);

// Demonstrate that the same string always produces the same hash
String sameData = "mySecretPassword123";
int sameHash = sameData.hashCode();
System.out.println("Same Data Hash: " + sameHash);

// Demonstrate that a small change in data produces a different hash
String modifiedData = "mySecretPassword124";
int modifiedHash = modifiedData.hashCode();
System.out.println("Modified Data: " + modifiedData);
System.out.println("Modified Data Hash: " + modifiedHash);
```

```
Original Data: mySecretPassword123
Hash Code: 1107444891
Same Data Hash: 1107444891
Modified Data: mySecretPassword124
Modified Data Hash: 1107444892
```


### Uses of Hashing
- Hashing is used to store passwords securely, but hashing alone is not enough for large-scale industries.
- Hashing is used to conceal sensitive information such as credit card information, but it is not enough to protect it entirely.

### Hashing with Salt

As we talked about earlier in the hashing section, hashing is a one-way function. This means that once you hash a value, you can't get the original value back. This is useful for storing passwords, but because the same input always produces the same hash, two users with the same password will have the same hash. This is a problem because if an attacker gets access to the hash, they can use a rainbow table to look up the hash and find the original password.

Thus, we use hashing with salt: we add a random value to the password before hashing it, so even if two users have the same password, they will have different hashes. This random value is called a salt.
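The effect described above, as an added example that is not part of the original lesson: two users with the same password get identical unsalted SHA-256 hashes that a precomputed table matches, while per-user salts make the stored hashes differ and miss the table. The class name `SaltDemo`, the helper names and the sample passwords are constructed for illustration; `HexFormat` assumes Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;

public class SaltDemo {
    // SHA-256 over salt || password; an empty salt gives the plain unsalted hash.
    static String sha256Hex(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(md.digest());
    }

    static byte[] newSalt() {
        byte[] salt = new byte[16];          // 128 random bits, stored next to the hash
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] none = new byte[0];
        String password = "sunshine1";       // constructed sample: two users pick the same password

        // Unsalted: both users get the same hash, so one precomputed entry exposes both.
        String aliceUnsalted = sha256Hex(none, password);
        String bobUnsalted = sha256Hex(none, password);
        System.out.println("unsalted hashes equal: " + aliceUnsalted.equals(bobUnsalted));

        // Stand-in for a rainbow table: hashes computed once, ahead of time, for likely passwords.
        Map<String, String> precomputed = new HashMap<>();
        for (String guess : new String[] {"password", "123456", "sunshine1"}) {
            precomputed.put(sha256Hex(none, guess), guess);
        }
        System.out.println("unsalted found in table: " + precomputed.containsKey(aliceUnsalted));

        // Salted: each user gets a fresh salt, so the stored hashes differ and the table misses.
        byte[] aliceSalt = newSalt(), bobSalt = newSalt();
        String aliceSalted = sha256Hex(aliceSalt, password);
        String bobSalted = sha256Hex(bobSalt, password);
        System.out.println("salted hashes equal: " + aliceSalted.equals(bobSalted));
        System.out.println("salted found in table: " + precomputed.containsKey(aliceSalted));
    }
}
```

A single salted SHA-256 pass is still fast to guess against, so production systems store passwords with a deliberately slow, salted password hash such as PBKDF2, bcrypt or Argon2.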

## Homework

### Homework Problem: Exploring Hashing and Privacy Protection (Extra Credit)

#### **Problem:**
Write a Java program that simulates how hashing works in protecting passwords. You will implement the following tasks:

1. **Task 1: Basic Password Hashing**
   - Write a program that accepts a user's password input and generates a hash using the **`hashCode()`** method.
   - Display the original password and the hash to show how the same input always produces the same hash.

2. **Task 2: Salting the Password**
   - Enhance the program by generating a random **salt** for the password. Append the salt to the password before hashing, and display both the salt and the hashed password.
   - Store the salt separately and demonstrate that the same password with a different salt produces a different hash.

3. **Task 3: Verifying the Password**
   - Write a method that simulates logging in by taking a password and salt as input, hashing them again, and comparing the result to the previously stored hash.
   - If the hash matches, display "Login Successful"; otherwise, display "Login Failed."

#### **Extra Challenge (Optional):**
- Research and use the **`MessageDigest`** class in Java to implement password hashing with a more secure algorithm like **SHA-256**. Modify your program to use this instead of `hashCode()`.



## PLS NOTE THAT I DID THE EXTRA CHALLENGE AND I AM A STELLAR STUDENT CUZ OF IT AND I DIDN'T GPT IT AND PUT EFFOR

```java
import java.security.*;
import java.util.*;
import java.nio.charset.StandardCharsets;

// Problem 1: the same input always produces the same hashCode()
public String hashcode(String password){
    return String.valueOf(password.hashCode());
}
System.out.println(hashcode("Thing"));
System.out.println(hashcode("Thing"));

// Problem 2 (let's add a bit of salt, shall we)
public static String generateSalt() {
    SecureRandom random = new SecureRandom();
    byte[] yummysalt = new byte[2]; // only 16 bits of salt here; the User class below uses 16 bytes
    random.nextBytes(yummysalt);
    return Base64.getEncoder().encodeToString(yummysalt);
}
String password="Thing";
String passSalt1=hashcode(password+generateSalt());
String passSalt2=hashcode(password+generateSalt());
// Compare string contents with equals(); == only compares object references
System.out.println(passSalt1.equals(passSalt2));
System.out.println(passSalt1+" "+passSalt2);

// Problem 3

public class User {
    private String salt;           // stored alongside the hash so the login check can reuse it
    private String hashedPassword;

    public User(String password) throws NoSuchAlgorithmException {
        this.salt = generateSalt();
        this.hashedPassword = hashPassword(password);
    }

    private static String generateSalt() {
        SecureRandom random = new SecureRandom();
        byte[] yummysalt = new byte[16];
        random.nextBytes(yummysalt);
        return Base64.getEncoder().encodeToString(yummysalt);
    }

    private String hashPassword(String password) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        // Hash password + salt, so that equal passwords produce different stored hashes
        byte[] hash = digest.digest((password + this.salt).getBytes(StandardCharsets.UTF_8));
        StringBuilder hexString = new StringBuilder();
        for (byte b : hash) {
            String hex = Integer.toHexString(0xff & b);
            if (hex.length() == 1) hexString.append('0');
            hexString.append(hex);
        }
        return hexString.toString(); // Return the hashed password as a hex string
    }

    public String verifyPassword(String password) throws NoSuchAlgorithmException {
        // Re-hash the attempt with the stored salt and compare in constant time
        byte[] attempt = hashPassword(password).getBytes(StandardCharsets.UTF_8);
        byte[] stored = this.hashedPassword.getBytes(StandardCharsets.UTF_8);
        if (MessageDigest.isEqual(attempt, stored)) {
            return "Login is successful";
        }
        return "Login failed";
    }
}

// Testing code
ArrayList<User> users = new ArrayList<>();

User user1 = new User("Secret");
User user2 = new User("Secret");

users.add(user1);
users.add(user2);

String entered = "Secret";
System.out.println(users.get(0).verifyPassword(entered));
System.out.println(users.get(1).verifyPassword(entered));

String badEntered = "peepeepoopoo";
System.out.println(users.get(0).verifyPassword(badEntered));
System.out.println(users.get(1).verifyPassword(badEntered));
```

```
80778446
80778446
false
1307410734 1307327561
Login is successful
Login is successful
Login failed
Login failed
```
