Juggling between coding languages? Let our Code Converter help. Your one-stop solution for language conversion. Start now!
Disclosure: This post may contain affiliate links, meaning when you click the links and make a purchase, we receive a commission.
Hashing algorithms are mathematical functions that convert data into fixed-length hash values, hash codes, or hashes. The output hash value is literally a summary of the original value. The most important thing about these hash values is that it is impossible to retrieve the original input data just from hash values.
Now, you may be thinking, then what's the benefit of using hashing algorithms? Why not just use encryption? Well, even though encryption is important for protecting data (data confidentiality), sometimes it is important to be able to prove that no one has modified the data you're sending. Using hashing values, you'll be able to tell if some files haven't been modified since creation (data integrity). You can check the following tutorial where we verify file integrity during download in Python.
That's not it; there are many examples of their use, including digital signatures, public-key encryption, message authentication, password protection, and many other cryptographic protocols. Whether you're storing your files on a cloud storage system, using a Git version control system, connecting to an HTTPS website, connecting to a remote machine using SSH, or even sending a message on your mobile phone, there's a hash function somewhere under the hood.
Read also: How to Transfer Files in the Network using Sockets in Python.
In this tutorial, we will use the hashlib built-in module to use different hash algorithms in Python. Let's get started:
import hashlib
# encode it to bytes using UTF-8 encoding
message = "Some text to hash".encode()We gonna use different hash algorithms on this message string, starting with MD5:
# hash with MD5 (not recommended)
print("MD5:", hashlib.md5(message).hexdigest())Output:
MD5: 3eecc85e6440899b28a9ea6d8369f01cMD5 is pretty obsolete now, and you should never use it, as it isn't collision-resistant. Let's try SHA-2:
# hash with SHA-2 (SHA-256 & SHA-512)
print("SHA-256:", hashlib.sha256(message).hexdigest())
print("SHA-512:", hashlib.sha512(message).hexdigest())Output:
SHA-256: 7a86e0e93e6aa6cf49f19368ca7242e24640a988ac8e5508dfcede39fa53faa2
SHA-512: 96fa772f72678c85bbd5d23b66d51d50f8f9824a0aba0ded624ab61fe8b602bf4e3611075fe13595d3e74c63c59f7d79241acc97888e9a7a5c791159c85c3ccdBuild 35+ Ethical Hacking Scripts & Tools with Python Book
SHA-2 is a family of 4 hash functions: SHA-224, SHA-256, SHA-384 and SHA-512, you can also use hashlib.sha224() and hashlib.sha384(). However, SHA-256 and SHA-512 are mostly used.
The reason it's called SHA-2 (Secure Hash Algorithm 2), is because SHA-2 is the successor of SHA-1, which is outdated and easy to break. The motivation of SHA-2 was to generate longer hashes, which leads to higher security levels than SHA-1.
Although SHA-2 is still used nowadays, many believe that attacks on SHA-2 are just a matter of time; researchers are concerned about its long-term security due to its similarity to SHA-1.
As a result, SHA-3 is introduced by NIST as a backup plan, which is a sponge function that is completely different from SHA-2 and SHA-1. Let's see it in Python:
# hash with SHA-3
print("SHA-3-256:", hashlib.sha3_256(message).hexdigest())
print("SHA-3-512:", hashlib.sha3_512(message).hexdigest())Output:
SHA-3-256: d7007c1cd52f8168f22fa25ef011a5b3644bcb437efa46de34761d3340187609
SHA-3-512: de6b4c8f7d4fd608987c123122bcc63081372d09b4bc14955bfc828335dec1246b5c6633c5b1c87d2ad2b777d713d7777819263e7ad675a3743bf2a35bc699d0SHA-3 is unlikely to be broken any time soon. Hundreds of skilled cryptanalysts have failed to break SHA-3.
What do we mean by secure in hashing algorithms? Hashing functions have many safety characteristics, including collision resistance, which is provided by algorithms that make it extremely hard for an attacker to find two completely different messages that hash to the same hash value.
Pre-image resistance is also a key factor for hash algorithm security. An algorithm that is pre-image resistant makes it hard and time-consuming for an attacker to find the original message given the hash value.
There are few incentives to upgrade to SHA-3, since SHA-2 is still secure, and because speed is also a concern, SHA-3 isn't faster than SHA-2.
What if we want to use a faster hash function that is more secure than SHA-2 and at least as secure as SHA-3? The answer lies in BLAKE2:
# hash with BLAKE2
# 256-bit BLAKE2 (or BLAKE2s)
print("BLAKE2c:", hashlib.blake2s(message).hexdigest())
# 512-bit BLAKE2 (or BLAKE2b)
print("BLAKE2b:", hashlib.blake2b(message).hexdigest())Get Our Ethical Hacking with Python EBook
Master Ethical Hacking with Python by building 35+ Tools from scratch. Get your copy now!
Download EBookOutput:
BLAKE2c: 6889074426b5454d751547cd33ca4c64cd693f86ce69be5c951223f3af845786
BLAKE2b: 13e2ca8f6a282f27b2022dde683490b1085b3e16a98ee77b44b25bc84a0366afe8d70a4aa47dd10e064f1f772573513d64d56e5ef646fb935c040b32f67e5ab2Conclusion
BLAKE2 hashes are faster than SHA-1, SHA-2, SHA-3, and even MD5, and even more secure than SHA-2. It is suited for use on modern CPUs that support parallel computing on multicore systems.
BLAKE2 is widely used and has been integrated into major cryptography libraries such as OpenSSL and Sodium, and more.
You can also easily hash an entire file just by reading all the file content and then passing the file bytes to any function we covered. Check the corresponding code here.
To wrap up, for further readings, you need to read the official Python documentation for hashlib module. We also built a hash cracker with this library; feel free to check it out.
Finally, in our Ethical Hacking with Python guide, we've built 35+ hacking tools and scripts from scratch using Python! Check it out here if you're interested!
Related: How to Encrypt and Decrypt Files in Python.
Happy Hashing ♥
Why juggle between languages when you can convert? Check out our Code Converter. Try it out today!
View Full Code Improve My Code
Got a coding query or need some guidance before you comment? Check out this Python Code Assistant for expert advice and handy tips. It's like having a coding tutor right in your fingertips!