SHA stands for Secure Hashing Algorithms. Once a string is hashed, it is normally impossible to get back the original data. Hashing is one-way, meaning you supposedly cannot find the original data by knowing the hashed output. However, the original can still be found by brute force or by using the rainbow table method. Better SHA algorithms are developed to withstand these attacks.

SHA algorithms to avoid

SHA-0 and SHA-1 are no longer accepted due to vulnerabilities found in them.

Use of SHA algorithms

At first glance it might seem useless if you can't get your data back, but it's actually widely used. Suppose you are a PHP developer. You have a site with a sign-up option. Upon signing up, when the user provides his password, you must hash it before sending it to the database. Now, each time a user logs in, the password he provides is hashed and compared with the stored hashed password associated with the username; if they match, access is granted.

It is a security convention not to store raw passwords in databases, as a raid on your database would allow instant access to accounts because the passwords are already known.

Python demo

The module to import is hashlib

import hashlib

To see all available hashing algorithms, the SHA ones included, try:

print(hashlib.algorithms_available)

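Now let us try a typical SHA-256 demo:

import hashlib
# sha256() takes bytes, hence the b"..." literal
toHash = hashlib.sha256(b"sololearn")
# hexdigest() returns the 256-bit hash as 64 hexadecimal characters
digest = toHash.hexdigest()
print(digest)

Poof, you get your long string of characters.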

Security tip
Before you hash your string, add some random characters to it (this is known as a salt). It renders reversing more difficult.
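The sign-up and login flow described above, combined with the random-characters tip, as an added example that is not part of the original lesson. It goes one step beyond the page by using hashlib.pbkdf2_hmac, which repeats salted SHA-256 many times to slow down brute force; the users dictionary, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it for your hardware

# Stand-in for the database table: username -> (salt, digest)
users = {}


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte digest from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def sign_up(username: str, password: str) -> None:
    """Store only the salt and the digest, never the raw password."""
    salt = os.urandom(16)  # fresh random salt for every account
    users[username] = (salt, hash_password(password, salt))


def log_in(username: str, password: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare."""
    record = users.get(username)
    if record is None:
        return False
    salt, stored = record
    candidate = hash_password(password, salt)
    # compare_digest runs in constant time, so the comparison leaks no timing hints
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password
    sign_up("alice", "sololearn")
    sign_up("bob", "sololearn")
    print(log_in("alice", "sololearn"))
    print(log_in("alice", "wrong-guess"))
    # Different salts give different digests, so one precomputed
    # rainbow table cannot cover both accounts
    print(users["alice"][1] != users["bob"][1])
```

Because each account has its own salt, the salt is stored next to the digest; it does not need to be secret, only unique and random.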

Originally written as a Sololearn Lesson
