7.7: Ethical issues around Data Collection

Learning Objectives:

  • Explaining the risks of privacy from collecting and storing personal data on computer systems.

Essential Knowledge:

  • Data Collection: Methods (cookies, tracking, etc.)
  • Ethical Data Use: Identifying Personal data (Personal Identifiable Information, Sensitive Personal Information)
  • Security Practices: Data Encryption, Data Anonymization, Data Minimization

Privacy Protection mechanisms

  • Encryption: Encode data for only authorized users to access.
  • Anonymization: Remove personal information from data.
  • Data Minimization: Collect only necessary data.
  • User Control: Allowing users to control how their data is used
// Example string data
String originalData = "mySecretPassword123";

// Generate a hash code for the string
int hash = originalData.hashCode();

// Display the original data and its hash
System.out.println("Original Data: " + originalData);
System.out.println("Hash Code: " + hash);

// Demonstrate that the same string always produces the same hash
String sameData = "mySecretPassword123";
int sameHash = sameData.hashCode();
System.out.println("Same Data Hash: " + sameHash);

// Demonstrate that a small change in data produces a different hash
String modifiedData = "mySecretPassword124";
int modifiedHash = modifiedData.hashCode();
System.out.println("Modified Data: " + modifiedData);
System.out.println("Modified Data Hash: " + modifiedHash);
Original Data: mySecretPassword123
Hash Code: 1107444891
Same Data Hash: 1107444891
Modified Data: mySecretPassword124
Modified Data Hash: 1107444892

Uses of Hashing

  • Hashing is used to store passwords securely but it is not enough for large scale industries.
  • Hashing is used to conceal sensitive information like credit card information but not enough to protect it entirely.

Hashing with Salt

As we talked about earlier in the hashing section, hashing is a one-way function. This means that once you hash a value, you can’t get the original value back. This is useful for storing passwords, but it also means that if two users have the same password, they will have the same hash. This is a problem because if an attacker gets access to the hash, they can use a rainbow table to look up the hash and find the original password.

Thus, we use Hasing with Salt which means that even if 2 users have the same password, they will have different hashes because we add a random value to the password before hashing it. This random value is called a salt.

Homework

Homework Problem: Exploring Hashing and Privacy Protection (Extra Credit)

Problem:

Write a Java program that simulates how hashing works in protecting passwords. You will implement the following tasks:

  1. Task 1: Basic Password Hashing
    • Write a program that accepts a user’s password input and generates a hash using the hashCode() method.
    • Display the original password and the hash to show how the same input always produces the same hash.
  2. Task 2: Salting the Password
    • Enhance the program by generating a random salt for the password. Append the salt to the password before hashing, and display both the salt and the hashed password.
    • Store the salt separately and demonstrate that the same password with a different salt produces a different hash.
  3. Task 3: Verifying the Password
    • Write a method that simulates logging in by taking a password and salt as input, hashing them again, and comparing the result to the previously stored hash.
    • If the hash matches, display “Login Successful”; otherwise, display “Login Failed.”

Extra Challenge (Optional):

  • Research and use the MessageDigest class in Java to implement password hashing with a more secure algorithm like SHA-256. Modify your program to use this instead of hashCode().
import java.util.ArrayList;
import java.util.Random;
import java.util.Scanner;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class HashingExample {

    // Task 1: Basic Password Hashing
    public static void basicHashing() {
        Scanner scanner = new Scanner(System.in);
        
        System.out.print("Enter your password: ");
        String password = scanner.nextLine();
        
        int hash = password.hashCode();
        System.out.println("Original Password: " + password);
        System.out.println("Hash Code: " + hash);
    }

    // Task 2: Salting the Password
    public static String saltPassword(String password) {
        Random random = new Random();
        int salt = random.nextInt(1000);
        String saltedPassword = password + salt;
        
        System.out.println("Salt: " + salt);
        return saltedPassword;
    }

    public static void saltedHashing() {
        Scanner scanner = new Scanner(System.in);
        
        System.out.print("Enter your password: ");
        String password = scanner.nextLine();
        
        String saltedPassword = saltPassword(password);
        
        int hashedPassword = saltedPassword.hashCode();
        System.out.println("Hashed Password with Salt: " + hashedPassword);
    }

    // Task 3: Verifying the Password
    public static void verifyPassword(String originalPassword, int originalHash, int salt) {
        String saltedPassword = originalPassword + salt;
        int hashedPassword = saltedPassword.hashCode();

        if (hashedPassword == originalHash) {
            System.out.println("Login Successful");
        } else {
            System.out.println("Login Failed");
        }
    }

    public static void verifyHashing() {
        Scanner scanner = new Scanner(System.in);
        
        System.out.print("Enter your password: ");
        String password = scanner.nextLine();
        
        int originalHash = password.hashCode();
        int salt = new Random().nextInt(1000);
        String saltedPassword = password + salt;

        System.out.println("Salt: " + salt);
        System.out.println("Hashed Password: " + saltedPassword.hashCode());

        System.out.print("Enter your password again to verify: ");
        String inputPassword = scanner.nextLine();
        verifyPassword(inputPassword, originalHash, salt);
    }

    // Extra Challenge: Secure Hashing with SHA-256
    public static void secureHashing() {
        Scanner scanner = new Scanner(System.in);

        System.out.print("Enter your password for secure hashing (SHA-256): ");
        String password = scanner.nextLine();
        
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] hash = md.digest(password.getBytes());
            StringBuilder hexString = new StringBuilder();

            for (byte b : hash) {
                String hex = Integer.toHexString(0xff & b);
                if (hex.length() == 1) hexString.append('0');
                hexString.append(hex);
            }
            System.out.println("SHA-256 Hash: " + hexString.toString());
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Hashing algorithm not found.");
        }
    }

    public static void main(String[] args) {

        secureHashing();
    }
}
HashingExample.main(null);
Enter your password for secure hashing (SHA-256): SHA-256 Hash: 1e28d0fd01d085787843952a78c58861a8f82492063bfbf57ee6f3224e75bd3e