Hashing… First Step to Secure Software Programming

Cartoon by Sergey Gordeev from Gordeev Animation Graphics, Prague.

Where did it all start?

Authentication

Authentication methodologies

1. Username Password authentication

Fig 1 — Traditional Username, Password authentication method
Fig 2 — Db table to store username and password for traditional authentication methodology

2. Password Hashing

Fig 3 — Hashing the string “logIn123” using SHA-256 hash function
Fig 4 — Fixed length output for different hash functions

How does hashing authentication work?

Fig 5 — User authentication flow with hashing

3. Salted Hashing

Fig 6 — Same hashed value password for two different users in database
Fig 7 — Common ways of implementing salted hash
Fig 8 — User signup page
Fig 9 — Database table containing username, hashed password, salt and type of hash function

The usage of hashing in real-world scenarios

Fig 10 — Message sent from A to B

How does this verification take place in a communication?

Fig 11 — Hashing for integrity verification

If H2 == H1,

If not,

2. Hashing for indexing in database

Fig 12 — Hashing for indexing in database

Inquisitive | Senior Software Engineer @ WSO2