Understanding Hashes versus Encryption Ciphers with Python

Understanding Hashes versus Encryption Ciphers with Python
December 19, 2018 No Comments cybersecurity,Free Software,Learning/Educational,security Zian Smith

For those who are just now learning about hashing and encryption, the two can seem confusing.
Fortunately it is easy to understand when an example is given.

Both hashing and encryption have the same purpose of protecting data.
The difference is in the process. Ciphers (encryption) are meant to be reversible, hashes are NOT.

This article  will be using Python3 for giving code examples.

 

Hashing

Hashing is most commonly used by servers to protect user passwords. When you create an account on a website server and then enter in your password there is a hashing process that happens behind the scenes. You see, your password isn’t actually stored by the server. Instead it keeps the hash of your password, and from then on every time you provide your password when you attempt to log in, the server hashes the provided password and then compares the hash of that password to the hash that was originally provided when the account was created.

Let’s look at some python code.

# We will import the sha3_512 algorithm function from the hashlib module
from hashlib import sha3_512
# Now we define a function of our own that will use sha3_512
def hasher(item):
return sha3_512(bytes( str(item), 'utf-8' )).hexdigest()

Now we can begin creating hashes!
Suppose your password was “Ilikecows12345”, then the hash can be calculated as:
# we call our hashing function here
hasher("Ilikecows12345")
# our hash shows up here
'd1784183a0b195836117d26269d9164ac60c724443adbf4d5ffa275f9b186ad86915789518c8f158b8a6e735e21d9ccbc94259dcc904d7da118584dd7a4b58fe'

Now we have a hash of our password, great! This hash would be what the server would store. In such the catastrophe that this server was hacked, the hacker will get this hash associated with your username and not the password. Remember hashes are not supposed to be reversible.

Take note that sometimes you might hear that a hash is ‘salted’. Salted hashes have additional data added to add security. We could easily modify our hasher function to make salted hashes. Here is an example:
import uuid
salt = uuid.uuid4().hex

def salt_hasher(item):
return sha3_512(bytes( str(item + salt), ‘utf-8’ )).hexdigest()

Ciphers/Encryption

Encryption ciphers use an algorithm to protect data like hashing, but it can be reversed if you have something called a ‘key’.
Encryption is usually used to protect things like messages, not passwords.

Let’s define some python code that will allow us to encrypt and decrypt some text.
*Note: This is for example uses only*
# pyaes will need to be installed with pip
from pyaes import AESModeOfOperationECB as ECB
def py_encrypter(key, plaintext):
return ECB(bytes('{}'.format(key),'utf-8')).encrypt(bytes('{}'.format(plaintext), 'utf-8'))

def py_decrypter(key, ciphertext):
return ECB(bytes(‘{}’.format(key),’utf-8′)).decrypt(ciphertext)
# When encryption with aes, keys and data most be the same size
# acceptable sizes for aes include 16, 24, 32
key = “topsecretencrypt”
data = “I’dliketoencrypt”

We have defined our functions. We have both a key and some data to encrypt, let’s call our functions.
py_encrypter(key,data)
#output b'\xd9$\xf2\x1a\xfc(\x9b\xb5\x9f\xc1H,\x9c\xdb/\x10'

py_decrypter(key, b’\xd9$\xf2\x1a\xfc(\x9b\xb5\x9f\xc1H,\x9c\xdb/\x10′)
#output b”I’dliketoencrypt”

Congratulations! You’ve learned how to make hashes and encrypt text with python!

 

Keep it real.

Tags
About The Author

Leave a reply

Your email address will not be published. Required fields are marked *