From ac01d2d4bb2315a24dcba1f735634c89e026deec Mon Sep 17 00:00:00 2001 From: Hayden B Date: Thu, 31 Mar 2022 05:41:58 -0700 Subject: [PATCH] Update SHA1 example to SHA256 (#418) This encourages the use of stronger cryptographic hashes. Tools such as securego/gosec will show errors when SHA1/MD5 hashes are used. --- examples.txt | 2 +- examples/sha1-hashes/sha1-hashes.hash | 2 - examples/sha1-hashes/sha1-hashes.sh | 14 ------ .../sha256-hashes.go} | 19 ++++---- examples/sha256-hashes/sha256-hashes.hash | 2 + examples/sha256-hashes/sha256-hashes.sh | 15 +++++++ public/base64-encoding | 2 +- public/index.html | 2 +- public/{sha1-hashes => sha256-hashes} | 44 +++++++++---------- public/url-parsing | 4 +- 10 files changed, 51 insertions(+), 55 deletions(-) delete mode 100644 examples/sha1-hashes/sha1-hashes.hash delete mode 100644 examples/sha1-hashes/sha1-hashes.sh rename examples/{sha1-hashes/sha1-hashes.go => sha256-hashes/sha256-hashes.go} (57%) create mode 100644 examples/sha256-hashes/sha256-hashes.hash create mode 100644 examples/sha256-hashes/sha256-hashes.sh rename public/{sha1-hashes => sha256-hashes} (74%) diff --git a/examples.txt b/examples.txt index 6772826..d83f7f7 100644 --- a/examples.txt +++ b/examples.txt @@ -57,7 +57,7 @@ Time Formatting / Parsing Random Numbers Number Parsing URL Parsing -SHA1 Hashes +SHA256 Hashes Base64 Encoding Reading Files Writing Files diff --git a/examples/sha1-hashes/sha1-hashes.hash b/examples/sha1-hashes/sha1-hashes.hash deleted file mode 100644 index 6313184..0000000 --- a/examples/sha1-hashes/sha1-hashes.hash +++ /dev/null @@ -1,2 +0,0 @@ -fc2de63b58865a6761749490ee217a94b4e343d1 -XLftf8Gvj4y diff --git a/examples/sha1-hashes/sha1-hashes.sh b/examples/sha1-hashes/sha1-hashes.sh deleted file mode 100644 index 3ed62c9..0000000 --- a/examples/sha1-hashes/sha1-hashes.sh +++ /dev/null @@ -1,14 +0,0 @@ -# Running the program computes the hash and prints it in -# a human-readable hex format. -$ go run sha1-hashes.go -sha1 this string -cf23df2207d99a74fbe169e3eba035e633b65d94 - - -# You can compute other hashes using a similar pattern to -# the one shown above. For example, to compute MD5 hashes -# import `crypto/md5` and use `md5.New()`. - -# Note that if you need cryptographically secure hashes, -# you should carefully research -# [hash strength](http://en.wikipedia.org/wiki/Cryptographic_hash_function)! diff --git a/examples/sha1-hashes/sha1-hashes.go b/examples/sha256-hashes/sha256-hashes.go similarity index 57% rename from examples/sha1-hashes/sha1-hashes.go rename to examples/sha256-hashes/sha256-hashes.go index 24e5921..eb43763 100644 --- a/examples/sha1-hashes/sha1-hashes.go +++ b/examples/sha256-hashes/sha256-hashes.go @@ -1,26 +1,23 @@ -// [_SHA1 hashes_](http://en.wikipedia.org/wiki/SHA-1) are +// [_SHA256 hashes_](https://en.wikipedia.org/wiki/SHA-2) are // frequently used to compute short identities for binary -// or text blobs. For example, the [git revision control -// system](http://git-scm.com/) uses SHA1s extensively to -// identify versioned files and directories. Here's how to -// compute SHA1 hashes in Go. +// or text blobs. For example, TLS/SSL certificates use SHA256 +// to compute a certificate's signature. Here's how to compute +// SHA256 hashes in Go. package main // Go implements several hash functions in various // `crypto/*` packages. import ( - "crypto/sha1" + "crypto/sha256" "fmt" ) func main() { - s := "sha1 this string" + s := "sha256 this string" - // The pattern for generating a hash is `sha1.New()`, - // `sha1.Write(bytes)`, then `sha1.Sum([]byte{})`. // Here we start with a new hash. - h := sha1.New() + h := sha256.New() // `Write` expects bytes. If you have a string `s`, // use `[]byte(s)` to coerce it to bytes. @@ -31,7 +28,7 @@ func main() { // to an existing byte slice: it usually isn't needed. bs := h.Sum(nil) - // SHA1 values are often printed in hex, for example + // SHA256 values are often printed in hex, for example // in git commits. Use the `%x` format verb to convert // a hash results to a hex string. fmt.Println(s) diff --git a/examples/sha256-hashes/sha256-hashes.hash b/examples/sha256-hashes/sha256-hashes.hash new file mode 100644 index 0000000..7975759 --- /dev/null +++ b/examples/sha256-hashes/sha256-hashes.hash @@ -0,0 +1,2 @@ +21f16c864c11958f29949c491a9684bcb885831f +jIQtrUxWLvq diff --git a/examples/sha256-hashes/sha256-hashes.sh b/examples/sha256-hashes/sha256-hashes.sh new file mode 100644 index 0000000..bb7a816 --- /dev/null +++ b/examples/sha256-hashes/sha256-hashes.sh @@ -0,0 +1,15 @@ +# Running the program computes the hash and prints it in +# a human-readable hex format. +$ go run sha256-hashes.go +sha256 this string +1af1dfa857bf1d8814fe1af8983c18080019922e557f15a8a... + + +# You can compute other hashes using a similar pattern to +# the one shown above. For example, to compute +# SHA512 hashes import `crypto/sha512` and use +# `sha512.New()`. + +# Note that if you need cryptographically secure hashes, +# you should carefully research +# [hash strength](https://en.wikipedia.org/wiki/Cryptographic_hash_function)! diff --git a/public/base64-encoding b/public/base64-encoding index e54904f..3a5c44e 100644 --- a/public/base64-encoding +++ b/public/base64-encoding @@ -9,7 +9,7 @@ onkeydown = (e) => { if (e.key == "ArrowLeft") { - window.location.href = 'sha1-hashes'; + window.location.href = 'sha256-hashes'; } diff --git a/public/index.html b/public/index.html index 5085e45..d4d2647 100644 --- a/public/index.html +++ b/public/index.html @@ -145,7 +145,7 @@
  • URL Parsing
    • -
  • SHA1 Hashes
    • +
  • SHA256 Hashes
  • Base64 Encoding
    • diff --git a/public/sha1-hashes b/public/sha256-hashes similarity index 74% rename from public/sha1-hashes rename to public/sha256-hashes index 053eedb..48894ca 100644 --- a/public/sha1-hashes +++ b/public/sha256-hashes @@ -2,7 +2,7 @@ - Go by Example: SHA1 Hashes + Go by Example: SHA256 Hashes -
    -

    Go by Example: SHA1 Hashes

    +
    +

    Go by Example: SHA256 Hashes

    @@ -62,7 +61,7 @@ compute SHA1 hashes in Go.

     import (
-    "crypto/sha1"
+    "crypto/sha256"
     "fmt"
 )
    @@ -76,22 +75,20 @@ compute SHA1 hashes in Go.

    @@ -127,7 +124,7 @@ to an existing byte slice: it usually isn’t needed.

    -

    SHA1 hashes are +

    SHA256 hashes are frequently used to compute short identities for binary -or text blobs. For example, the git revision control -system uses SHA1s extensively to -identify versioned files and directories. Here’s how to -compute SHA1 hashes in Go.

    +or text blobs. For example, TLS/SSL certificates use SHA256 +to compute a certificate’s signature. Here’s how to compute +SHA256 hashes in Go.

    		 @@ -46,7 +45,7 @@ compute SHA1 hashes in Go.

    		 - + 
    package main
 
    func main() {
-    s := "sha1 this string"
+    s := "sha256 this string"
    -

    The pattern for generating a hash is sha1.New(), -sha1.Write(bytes), then sha1.Sum([]byte{}). -Here we start with a new hash.

    +

    Here we start with a new hash.

    		 
    -    h := sha1.New()
+    h := sha256.New()
    -

    SHA1 values are often printed in hex, for example +

    SHA256 values are often printed in hex, for example in git commits. Use the %x format verb to convert a hash results to a hex string.

    @@ -155,17 +152,18 @@ a human-readable hex format.

    		 
    -$ go run sha1-hashes.go
-sha1 this string
-cf23df2207d99a74fbe169e3eba035e633b65d94
    +$ go run sha256-hashes.go +sha256 this string +1af1dfa857bf1d8814fe1af8983c18080019922e557f15a8a...

    You can compute other hashes using a similar pattern to -the one shown above. For example, to compute MD5 hashes -import crypto/md5 and use md5.New().

    +the one shown above. For example, to compute +SHA512 hashes import crypto/sha512 and use +sha512.New().

    		 @@ -178,7 +176,7 @@ import crypto/md5 and use md5.New().

    Note that if you need cryptographically secure hashes, you should carefully research -hash strength!

    +hash strength!

    		 @@ -202,7 +200,7 @@ you should carefully research diff --git a/public/url-parsing b/public/url-parsing index 5c49165..a60e146 100644 --- a/public/url-parsing +++ b/public/url-parsing @@ -14,7 +14,7 @@ if (e.key == "ArrowRight") { - window.location.href = 'sha1-hashes'; + window.location.href = 'sha256-hashes'; } } @@ -222,7 +222,7 @@ pieces that we extracted.

    - Next example: SHA1 Hashes. + Next example: SHA256 Hashes.