Assignment 10 – Password Hashing
Summary
Password hashing is commonly used in nearly all systems. The concept is simple – it is not secure to store raw passwords in a system, but we still need to provide password based authentication. This will show you how it is done.
Assignment
The first step of this assignment will be to create a List. You may use any List that you have already created. For the purposes of this assignment it does not matter if your list is a doubly linked list of a singly linked list. I recommend that if you created a good useful list in the previous lists assignment use this list.
Next you will need to research and find a suitable Hash function. Next research hash functions, here is a simple version of a Hash Function. Put in A (any length) and get out B (fixed length). If the input is the same, the output is always the same.
Most Hash Functions always give an output of the same length. Of course there is always the possibility of a Hash Collision where 2 inputs give the same output (in fact that is the basis of Cryptocurrency mining).T he probability of an output B being the same for multiple inputs A is a direct function of the length of B and the number of characters in B. You can try out common hash functions at this site ( http://www.sha1-online.com/ );
see https://en.wikipedia.org/wiki/List_of_hash_functions ,
https://en.wikipedia.org/wiki/Hash_function –
http://stackoverflow.com/questions/14409466/simple-hash-functions
Google Simple Hash functions,
Once you have a list and a hash function – we will use it to create a Password System.
Your interface will include 2 Text boxes;
Add Password To List [ Text input ] Submit
Check For Password [ Text Input ] Submit
The first submit will Add the HASHED version of the Password as a Node in your list.
The second submit will Hash the second text box and compare it against all the values in the list. If it is in the List you will Output “Password Found” if it is not in the list output “Not Found”
You should also print the full list to the screen. This should obviously only display the hashed version of the passwords. While you are thinking about this – you should also realize why almost all systems will let you change your password, but almost none allow you to SEE your password. That is because your password as you enter it is never stored, only the hash of your password.
More Information
To alleviate your concerns about passwords being stored on web sites – most professional sites do NOT store sensitive information (such as passwords) – they store the Hash of the Password. As you have just shown in your assignment, you can still provide excellent authentication without having to store the password.
Also congratulate yourselves for getting this far. At this stage you are learning how some very real algorithms you use all the time actually work and what data structures live underneath your everyday tasks on the computer.
Grading
This either works or does not – it is all or nothing grading. I should be able to enter a password and check to see if the password exists in the list. I will check your code to see that you are storing the password hash.