Encryption vs Cryptographic Hash

What is the difference between encryption and a cryptographic hash

Encryption

Encryption turns a message into ciphertext that only someone with the right key can turn back into the original message. Encryption can always be reversed if you have the correct key (or, for a weak or home-made scheme, know the process).

Hashing

Hashing is a one-way process: you cannot recover the input from the output. It is also deterministic, so the same input always produces the same output.

Password hashing with a function such as bcrypt adds random data, a salt, to each password before hashing it. Two users with the same password therefore get different hashes, and an attacker cannot reuse a precomputed table of hashes across accounts.

Example Using Bcrypt

Install bcrypt

    pip install flask-bcrypt

Import

    from flask_bcrypt import generate_password_hash

Generate the hash

    >>> generate_password_hash('secret')

Output

    b'$2b$12$w/x0Q9FnFydn/vZX26iz7eSNhJUavlm93SI.Kuv4uMATe031dKcpG'
  • b means it is a Python byte-string; it is not part of the hash itself
  • $2b$ tells you it is bcrypt (the revision of the format)
  • $12$ is the cost factor: bcrypt does 2^12 = 4096 rounds of key expansion
  • the next 22 characters are the random salt, and the last 31 are the hash of the password and salt

If you set the cost higher, it takes longer; each step doubles the work (15 means 2^15 rounds):

    >>> generate_password_hash('secret', 15)

The cost is chosen when the hash is created and is stored inside it, so you cannot raise it for a single failed attempt. Good practice is to pick a cost that makes one check take a noticeable fraction of a second on your server, and to raise it as hardware gets faster, rehashing each user's password the next time they log in successfully. That slows down crackers who have stolen the hash database; repeated failed attempts against the live service are dealt with by rate limiting, not by the hash.

Checking password

How do you check it though…

    >>> hashed_pw = generate_password_hash('secret', 12)
    >>> hashed_pw
    b'$2b$12$tE/SrlIDeO3Efs5lI77ZxeY3hzoAd1on2Lbx0SZnxBEARuSwBvEri'
    >>> hashed_pw == generate_password_hash('secret', 12)
    False

The above does not work, because every call picks a new random salt, so the same password gives a different hash each time. You have to check it with check_password_hash, which reads the salt and cost out of the stored hash and re-hashes the attempt with them:

    from flask_bcrypt import check_password_hash

then test it:

    >>> check_password_hash(hashed_pw, 'secret')
    True
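As an added example (not code from the original page or from flask-bcrypt), the Python below first pulls the version, cost, salt and digest out of the bcrypt strings shown above, and then shows the same salt-and-verify pattern, including the rehash-on-login upgrade described earlier, with the standard library's hashlib.pbkdf2_hmac as a stand-in for bcrypt so it runs without flask-bcrypt installed. The function names, the iteration counts, and the use of the two hashes from this page as sample input are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample input: the two bcrypt strings shown on this page.
SAMPLE_HASHES = [
    "$2b$12$w/x0Q9FnFydn/vZX26iz7eSNhJUavlm93SI.Kuv4uMATe031dKcpG",
    "$2b$12$tE/SrlIDeO3Efs5lI77ZxeY3hzoAd1on2Lbx0SZnxBEARuSwBvEri",
]


def parse_bcrypt_hash(pw_hash):
    """Split a bcrypt string into its fields.

    Layout: $<version>$<cost>$<22-char salt><31-char digest>
    bcrypt uses its own base64 alphabet, so salt and digest are returned
    as the text fields rather than decoded bytes.
    """
    if isinstance(pw_hash, bytes):          # flask-bcrypt returns bytes
        pw_hash = pw_hash.decode("ascii")
    parts = pw_hash.split("$")
    if len(parts) != 4 or parts[0] != "" or parts[1] not in ("2a", "2b", "2y"):
        raise ValueError("not a bcrypt hash")
    cost = int(parts[2])
    salt_and_digest = parts[3]
    if len(salt_and_digest) != 53:
        raise ValueError("bad salt/digest length")
    return {
        "version": parts[1],
        "cost": cost,
        "rounds": 2 ** cost,               # cost is log2 of the work
        "salt": salt_and_digest[:22],
        "digest": salt_and_digest[22:],
    }


def needs_rehash(pw_hash, target_cost):
    """True when a stored bcrypt hash was made with a lower cost than we now want."""
    return parse_bcrypt_hash(pw_hash)["cost"] < target_cost


# --- salted password hashing with a stdlib stand-in for bcrypt (assumption) ---

SCHEME = "pbkdf2_sha256"


def hash_password(password, iterations=600_000, salt=None):
    """Salted, slow hash. A fresh random salt is drawn for every call,
    which is why two hashes of the same password never compare equal."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "%s$%d$%s$%s" % (SCHEME, iterations, salt.hex(), digest.hex())


def check_password(stored, password):
    """Verify by re-hashing the attempt with the salt and iteration count
    stored inside the hash, then comparing in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != SCHEME:
        raise ValueError("unknown hash scheme")
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def verify_and_upgrade(stored, password, target_iterations):
    """Login-time check that also returns a new hash when the stored one
    uses fewer iterations than the current policy. Returns (ok, new_hash)."""
    if not check_password(stored, password):
        return False, None
    current = int(stored.split("$")[1])
    if current < target_iterations:
        return True, hash_password(password, iterations=target_iterations)
    return True, None


if __name__ == "__main__":
    for h in SAMPLE_HASHES:
        print(parse_bcrypt_hash(h))
    stored = hash_password("secret", iterations=1000)
    print(stored == hash_password("secret", iterations=1000))  # False: different salt
    print(check_password(stored, "secret"))                    # True
    print(verify_and_upgrade(stored, "secret", 2000))           # (True, new hash)
```

The `==` comparison in the page's REPL session fails for exactly the reason `hash_password` shows: the salt is inside the string, so only a verifier that reads it back out can reproduce the hash.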