Logo

Exploring SHA Algorithms

avatar Naitik Lodha

Published on August 7, 2024

4 min read

Hey there! I got to explore hashing while working on an authentication feature for a Flask app. I thought of sharing my experience and what I've learned about SHA algorithms in simple terms. So, let’s get started!

What is Hashing?

Before we jump into SHA algorithms, let's understand what hashing is. Hashing is a process that takes an input (or "message") and returns a fixed-size string of bytes. The output, which is often called the hash value or digest, is a seemingly random sequence of characters. But the main magic of hashing lies in its properties:

  1. Deterministic: The same input will always produce the same hash.
  2. Quick: Hashing functions are designed to be fast.
  3. Unique: A small change in input entirely changes the hash.
  4. Irreversible: You can't easily turn a hash back into the original input.

Why SHA?

SHA stands for Secure Hash Algorithm. It’s a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST). There are different versions like SHA-1, SHA-256, and SHA-512. For most applications nowadays, we use SHA-256 because it's more secure compared to older versions like SHA-1.

My First Encounter with SHA in Flask

I first encountered SHA algorithms when I was working on a Flask app that required user authentication. Authentication means verifying that a user is who they claim to be, usually done by checking a username and password.

Storing passwords securely

When users create accounts, they set passwords. However storing these passwords directly in the database is a bad idea because if someone gains access to the database, they can see all the passwords. This is where hashing comes in. Instead of storing the actual passwords, we store their hashes.

Implementing SHA-256 in Flask

Here’s a simple way to hash passwords using SHA-256 in Flask. First, we need to install the `werkzeug` library, which provides useful security functions:

pip install werkzeug

Then, in our Flask app, we can hash a password like this:

from werkzeug.security import generate_password_hash, check_password_hash

# Hashing a password
password = "neurotechh123"
hashed_password = generate_password_hash(password, method='sha256')

print("Original password:", password)
print("Hashed password:", hashed_password)

The above code would output the hashed password

1d8d50369c00ec9a45dffe75b7d00d865507b0737af661aec86040b98e420f07

The hash generated is unique for all the inputs.

When the user logs in, we can check if the entered password matches with the hash

# Checking a password
entered_password = "neurotechh123"
is_correct = check_password_hash(hashed_password, entered_password)

if is_correct:
    print("Password is correct!")
else:
    print("Password is incorrect!")

Why SHA-256?

You might wonder why we use SHA-256 specifically. The number 256 refers to the length of the hash value it produces - 256 bits. It’s a good balance between security and performance. SHA-256 is currently considered secure and is widely used in many applications, from securing websites to blockchain technology.

Lessons Learned

  1. Security First: Always prioritize security when handling user data. Hashing passwords is a crucial step.
  2. Stay Updated: Cryptographic standards evolve. SHA-256 is secure today, but it’s essential to stay informed about the latest developments.
  3. Libraries are Your Friends: Using well-maintained libraries like `werkzeug` saves time and ensures you’re following best practices.

Final Thoughts

Exploring SHA algorithms and implementing them in my Flask app was a great learning experience. It highlighted the importance of security in software development and gave me a solid understanding of how hashing works.
Happy coding!

Maybe even subscribe to our newsletter

Previous Post

From Pixels to Presence: Interfaces for AR/VR

Next Post

VPN's are not Magical Privacy Protectors