Transcript from the "Hashes" Lesson
>> One kind of cryptographic function that's really important is hashes. So we've already been doing, we've already done a little bit with hashes already today, but I just kinda wanna cover that so that we're not, we can deal with it more in depth. So a hash function takes a very, maybe very small, maybe a very large chunk of data and generates a fixed size of data.
[00:00:27] And if you change one byte in the input, you'll dramatically change the output. So a really good hashing function will have a completely different output. If you just change a single byte or maybe add a character, remove a character, this kind of thing. So hashes are really useful for verifying that you have the data that you expect to see.
[00:00:54] So for example, if you download a Linux ISO really big file, you can run ShaSum on that file to compute the Sha256, Sha512. And oftentimes you'll get like the hash from the website where you download those files so that you can verify that yeah, okay, the download didn't screw up even though it took like hours and maybe it had to resume a couple of times.
[00:01:20] I know that I for sure have the data that I thought I got. It's also an important idea if you want to protect against certain kinds of man in the middle attacks where there might be an adversary. Who, maybe that adversary is a Wi-Fi network that wants to like insert ads into your HTTP requests or something like that.
[00:01:43] Hashes can give you some guarantees about the robustness of your data. And later on, we'll be using hashes to build some interesting data structures like Merkle tags. Anyways, so to do hashes in node, you can either use the built in crypto library, so you can require crypto, create hash, and then you give it the name of an algorithm like Sha512.
[00:02:09] And node is gonna return back transform stream that's going to perform that hashing operation. So being is that's a transform stream. We can pipe it somewhere just ignore that output. It's fine. So if we write a message like hello world and then we end the stream. Then we get back the hash which in this case is binary.
[00:02:36] But if you pass in an encoding, you can for example create a hex string instead of that binary stuff. So encoding hex will give us that output. I forgot to pipe it somewhere. Luckily, these are streams to streams. So here we go. So here's the hash, I can just quickly verify that I get the same output that I expected to get on the command line, so I had the string hi as input.
[00:03:10] So I can echo hi without a new line and then pipe that into ShaSum -a 512. Yep, gives us the same hash back. So, it's just good to check this kinda stuff whenever you're dealing with hashes cuz, you might have an extra new line or you might have like an extra single byte that visually inspecting it looks the same, but it's actually one byte off and that's what hashes are meant to detect.
[00:03:34] So, just stuff you have to be careful. If you're doing hashing in the browser, I recommend that you use sorry. That should be create dash hash. Recommend that you use the create dash hash package because then you're not going to pull down all of the node crypto library into your browser code.