2

I am modeling the user sign-in and account creation of a social network and have to create a hash function (not using hashlib) using my own hashing algorithm. The point of it is to take a password and hash it so that it becomes a random string of letters and numbers. The hashed password should also change dramatically when only one letter of the password is changed. For example, if "heyguys" goes to 7h8362, "hayguys" would go to something totally different like "bbb362". A small change in input string should result in a large change in output string. The reason I am doing this is because I am storing user data in a dictionary and it is dangerous to store a password in plaintext.

How would I go about doing this? I am a beginner and know hashlib but other than that, I cannot seem to figure out where to even begin.

8
  • 2
    If you're a beginner, you shouldn't be doing this. You should be using a standardized hashing algorithm such as SHA-256 and, if in any way possible, using someone else's implementation of it, not your own. You also need to use a random per-user salt hashed with the password in order to make rainbow table attacks infeasible. Commented Dec 1, 2015 at 18:23
  • Have you tried looking at standard approaches? There are way too many options, a quick google for "python crypto hash example" will give you most of the information you need. Commented Dec 1, 2015 at 18:26
  • Since you're a beginner, simply use the standard hashes instead of a self-designed one. Designing your own hash algorithm requires quite a lot of mathematical skill and should be left to professionals. Commented Dec 1, 2015 at 18:28
  • 1
    @DarkFalcon: Heck no, SHA-256 isn't going to cut it. You want an algorithm designed for password hashing, like bcrypt or scrypt. Commented Dec 1, 2015 at 18:28
  • Please follow user2357112's suggestions! Just hashing is bad for several reasons; e.g. it would reveal if 2 users use the same password, and brute-forcing would be way too easy. Consider using (in that order): scrypt, bcrypt, PBKDF2. Commented Dec 1, 2015 at 19:13

1 Answer

4

As others have said here, this is an advanced topic, and you shouldn't try to make a feasible Hash function unless you know what you're doing.

However, if you want to understand the basics of hashing, here are some things to think about.

  1. Equivalent output: In every hash function, identical inputs should always give the same output, such that hash(8) = 'y758tff' should be 'y758tff' every time hash(8) is called.

  2. Avoiding collisions: Good hashing functions give unique outputs for as many inputs as possible. Meaning, Hash(n) and Hash(x) should not give the same hash output, and if it has to happen, it should be very rare.

  3. Irreversibility: A good hash function will be near impossible to reverse back to its key. Meaning, for every Hash(n) = N, there should be no function so that function(N) = n. As an example, if you had a hash function that simply reverses the input, it would be very easy to make a function that reverses that hash output.

  4. Identical lengths of keys: Regardless of the length of an input for a good hash function, the output must be the same length for all inputs. Such that Hash('a') = '46fhur78' and Hash('Tomatoes') = 'yfih78rr' are both of length 8.
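An added example, not part of the answer or comments above: the per-user salt and password-hashing algorithm the comments recommend, applied to a dictionary of users like the one in the question, using PBKDF2 from the standard library. The names `register`, `verify`, `differing_bits` and the `ITERATIONS` value are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; raise it as far as login latency allows
SALT_LEN = 16         # bytes of random salt stored per user


def hash_password(password, salt=None):
    """Return (salt, digest) from PBKDF2-HMAC-SHA256; a fresh random salt is made if none is given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def register(users, name, password):
    """Store only the salt and the derived hash, never the plaintext password."""
    if name in users:
        raise ValueError("user already exists")
    salt, digest = hash_password(password)
    users[name] = {"salt": salt, "hash": digest}


def verify(users, name, password):
    """Re-derive the hash with the stored salt and compare in constant time."""
    record = users.get(name)
    if record is None:
        return False
    _, candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def differing_bits(a, b):
    """Count the bits that differ between two equal-length digests (avalanche effect)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    users = {}
    register(users, "alice", "heyguys")  # constructed sample accounts
    register(users, "bob", "heyguys")    # same password, different salt
    print("correct password accepted:", verify(users, "alice", "heyguys"))
    print("one-letter change accepted:", verify(users, "alice", "hayguys"))
    print("same password, same stored hash:", users["alice"]["hash"] == users["bob"]["hash"])
    salt = users["alice"]["salt"]
    changed = hash_password("hayguys", salt)[1]
    print(differing_bits(users["alice"]["hash"], changed), "of 256 bits differ")
```

Because each user gets their own salt, two accounts with the same password store different hashes, and the fixed 32-byte digest changes in roughly half its bits when one letter of the password changes.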
