[3] Coding Basics

This section contains some basic code samples useful for Web3 Developers.

1. Web Storage

Web Storage API enables browsers to securely store key/value pairs.

sessionStorage maintains a separate storage area for each given origin as long as the browser is open - this includes page reloads and restores.

localStorage persists even when the browser is closed and reopened.

A user can view and edit the data in her browser storage, e.g. in Chrome via Inspect --> Application --> Storage.

setItem(): Adds a key & value to storage

getItem(): Retrieves items from storage

removeItem(): Removes an item by key from Storage

clear(): Clears the Storage

This is the code for adding the key name with the value Sanya to Web Storage.

This is the code for retrieving the value of the key name from Web Storage.

This is the code for removing the value of the key name from Web Storage.

This is the code for clearing the Storage.

This is the code for adding multiple key / value pairs to Web Storage.

This is the code for retrieving multiple key / value pairs from Web Storage.

2. Web Workers

Sometimes web pages become unresponsive while executing scripts. Web Workers run in the background without degrading the performance of the web page.

Here is the code for a basic timer Web Worker:

Here is the code of the web_workers.js file:

3. Server-Sent Events

A server-sent event enables a web page to automatically get updates from a server e.g. crypto prices.

This is the code of the HTML page for server-sent events (one-way messaging).

This is the code of server_side_events.php. It generates a random number between 10 and 100 and returns it with the current timestamp.

4. Hash calculations

Tip

To understand the basic concepts of cryptography (hash functions, digital signatures, symmetric & asymmetric encryption, RSA algorithm, etc.) read Chapter C9. Technical Crypto Concepts (Page 147 onwards) of the Future Money Playbook by Rohas Nagpal.

Fast & slow hashes

Fast hashes (e.g. sha256) are easy to compute and are good for use cases like message authentication codes, digital signatures, and checksums for ensuring data integrity during file transfers, etc.

But they are not good for password storage. One reason is that the hash for a particular input will always be the same e.g. the sha256 hash for rohas will always be 7f529f41d5c3924b5c989f5128d63cdd6b061dfd3b372c0753677140898c0e94.

Slow hashes (e.g. bcrypt) are "inefficient" and more difficult to calculate and are the best for password storage. One reason is that there are multiple valid hashes for any particular input e.g. these are valid hashes for rohas:

$2y$10$te9pyTKUm9ZvFaok0AVsrOsEszdwlzGEypmHg2wG6EB3azcP/4pcS
$2y$10$8mHEn182PCY5kc5kvkBhGuR95OugQnHVSYgRIUmIWRlKtqX1cM59S
$2y$10$VyErs5Ze0W0rvopbgub1NeedvOCV8fihsYXqziLFOBGOzSOp3IqvG

Hashing using PHP

Generating hash results is very simple using PHP. The code below generates all supported hashes for a given word.

For a specific hash function, use this code:

bcrypt

To see bcrypt in action, use this code:
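An added example (not the page's original listing) that contrasts the deterministic sha256 digest with bcrypt's per-call random salt, then verifies, times and upgrades the bcrypt hash. The wrong-password value 'rohas1' and the upgraded cost of 12 are assumptions chosen for illustration.

```php
<?php
// Added example: fast (SHA-256) versus slow (bcrypt) hashing of one password.
$password = 'rohas'; // sample input taken from the page

// Fast hash: deterministic, so two users with this password share a digest.
$fastA = hash('sha256', $password);
$fastB = hash('sha256', $password);
echo "sha256 digests identical: ", var_export($fastA === $fastB, true), PHP_EOL;

// Slow hash: password_hash() draws a new random salt on every call and
// embeds the algorithm, cost and salt in the string it returns.
$options = ['cost' => 10]; // the "10" in the hash prefix shown on the page
$slowA = password_hash($password, PASSWORD_BCRYPT, $options);
$slowB = password_hash($password, PASSWORD_BCRYPT, $options);
echo $slowA, PHP_EOL, $slowB, PHP_EOL;
echo "bcrypt hashes identical: ", var_export($slowA === $slowB, true), PHP_EOL;

// Verification re-reads the salt and cost from the stored string, so both
// hashes are checked against the right password and a wrong one.
foreach ([$slowA, $slowB] as $stored) {
    echo "correct password accepted: ",
        var_export(password_verify($password, $stored), true), PHP_EOL;
    echo "wrong password accepted:   ",
        var_export(password_verify('rohas1', $stored), true), PHP_EOL;
}

// Rough cost comparison: time 1000 SHA-256 calls against one bcrypt call.
$start = microtime(true);
for ($i = 0; $i < 1000; $i++) {
    hash('sha256', $password);
}
$fastMs = (microtime(true) - $start) * 1000;
$start = microtime(true);
password_hash($password, PASSWORD_BCRYPT, $options);
$slowMs = (microtime(true) - $start) * 1000;
printf("1000 x sha256: %.2f ms, 1 x bcrypt: %.2f ms%s", $fastMs, $slowMs, PHP_EOL);

// When the cost is raised later, existing hashes can be upgraded at login,
// the only moment the plain-text password is available.
if (password_needs_rehash($slowA, PASSWORD_BCRYPT, ['cost' => 12])) {
    $slowA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}
print_r(password_get_info($slowA));
```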

List of supported hashing algorithms

For the list of supported hashing algorithms, use this code:

Hashing a file

To calculate the hash of a file, use this code:

5. Password Security using Salt & Pepper

In a highly insecure application, user passwords are stored in plain text in the database. If a hacker gets access to the database, all passwords are compromised.

It does not matter if it's a simple password (12345) or a complex one (uwBX9EeTEsr^df7jSdQ8). All passwords are compromised!!

A slightly better approach is to hash the passwords using a fast hash (e.g. sha256) and then store only the hashes in the database.

But remember that the exact same hash is generated for a particular input. So if multiple users have the same password, the hashes will be identical.

A much better approach is to use a slow hash (e.g. bcrypt). One reason is that there are multiple valid hashes for any particular input e.g. these are valid hashes for rohas:

$2y$10$te9pyTKUm9ZvFaok0AVsrOsEszdwlzGEypmHg2wG6EB3azcP/4pcS
$2y$10$8mHEn182PCY5kc5kvkBhGuR95OugQnHVSYgRIUmIWRlKtqX1cM59S
$2y$10$VyErs5Ze0W0rvopbgub1NeedvOCV8fihsYXqziLFOBGOzSOp3IqvG

You can exponentially increase security by using salt and pepper.

In cryptography, salt is a secret added to a password before hashing it. The salt and the resulting hash are stored in the database. This makes it tougher for a hacker using rainbow tables to brute force passwords.

Pepper is like salt but it is not stored in the database along with the password hash. The pepper can be the same for all users and is stored in a separate location.

PHP makes it easy to create complex passwords. The code below creates 20-character passwords containing letters, numbers and symbols.

The code below takes the password provided by the user, generates & appends a 16-character salt, then appends a pepper, and then hashes the result using multiple algorithms.
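An added example (not the page's original listing) of salt and pepper with a slow hash: the pepper is mixed in with HMAC-SHA256 and the result goes through bcrypt, which generates the per-user salt itself and stores it inside the hash string, instead of appending a hand-made 16-character salt. The function names, the APP_PASSWORD_PEPPER environment variable and the fallback pepper are hypothetical.

```php
<?php
// Added example: pepper via HMAC, per-user salt via bcrypt.

// The pepper lives outside the database. APP_PASSWORD_PEPPER is a
// hypothetical variable name; the fallback is a constructed demo value.
function load_pepper(): string
{
    $pepper = getenv('APP_PASSWORD_PEPPER');
    return $pepper !== false ? $pepper : 'constructed-demo-pepper-not-for-real-use';
}

function hash_password(string $password, string $pepper): string
{
    // Hex HMAC output is 64 characters with no NUL bytes, so it stays
    // inside bcrypt's 72-byte input limit whatever the password length.
    $peppered = hash_hmac('sha256', $password, $pepper);
    // password_hash() picks a random salt and stores it in its return value.
    return password_hash($peppered, PASSWORD_BCRYPT, ['cost' => 10]);
}

function verify_password(string $password, string $stored, string $pepper): bool
{
    return password_verify(hash_hmac('sha256', $password, $pepper), $stored);
}

$pepper = load_pepper();
$password = 'uwBX9EeTEsr^df7jSdQ8'; // complex sample password from the page

// Two users with the same password get different database rows.
$rowAlice = hash_password($password, $pepper);
$rowBob = hash_password($password, $pepper);
echo $rowAlice, PHP_EOL, $rowBob, PHP_EOL;

echo "right password, right pepper: ",
    var_export(verify_password($password, $rowAlice, $pepper), true), PHP_EOL;
echo "wrong password, right pepper: ",
    var_export(verify_password('12345', $rowAlice, $pepper), true), PHP_EOL;
// A stolen database row cannot be checked against guesses without the pepper.
echo "right password, wrong pepper: ",
    var_export(verify_password($password, $rowAlice, 'guessed-pepper'), true), PHP_EOL;
```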

6. Cryptographically strong pseudorandom number generator (CSPRNG)

PHP makes it easy to generate cryptographically secure pseudo-random numbers.

random_bytes generates cryptographically secure pseudo-random bytes that are suitable for cryptographic use e.g. generating salts, keys, and initialization vectors. Here is the code for this.

random_int generates cryptographically secure pseudo-random integers. Here is the code for this.
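An added example (not the page's original listing) that uses random_bytes for a salt, key and initialization vector, and random_int for the 20-character password generator mentioned in section 5. The function name generate_password and the symbol set are assumptions.

```php
<?php
// Added example: CSPRNG output for key material and for password generation.

// random_bytes(): raw bytes for salts, keys and initialization vectors.
$salt = bin2hex(random_bytes(8)); // 8 random bytes shown as 16 hex characters
$key = random_bytes(32);          // 256-bit symmetric key
$iv = random_bytes(12);           // 96-bit nonce, the usual size for AES-GCM
echo "salt: $salt", PHP_EOL;
echo "key:  ", bin2hex($key), PHP_EOL;
echo "iv:   ", bin2hex($iv), PHP_EOL;

// random_int(): unbiased integers in a range, used here to pick characters.
function generate_password(int $length = 20): string
{
    $classes = [
        'abcdefghijklmnopqrstuvwxyz',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        '0123456789',
        '!@#$%^&*()-_=+', // constructed symbol set
    ];
    if ($length < count($classes)) {
        throw new InvalidArgumentException('length must cover every character class');
    }
    $all = implode('', $classes);
    $chars = [];
    // Guarantee one character from each class, then fill from the full set.
    foreach ($classes as $set) {
        $chars[] = $set[random_int(0, strlen($set) - 1)];
    }
    while (count($chars) < $length) {
        $chars[] = $all[random_int(0, strlen($all) - 1)];
    }
    // Fisher-Yates shuffle driven by random_int(), because shuffle() and
    // str_shuffle() are not backed by the CSPRNG.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

for ($n = 0; $n < 3; $n++) {
    echo generate_password(), PHP_EOL;
}
```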

7. Encryption & Decryption

To get a list of available cipher methods in PHP, use openssl_get_cipher_methods(). The code for this is below.

Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is a specification for the encryption of data established by the U.S. National Institute of Standards and Technology (NIST).

AES has been adopted by the U.S. government and superseded the Data Encryption Standard (DES) which was published in 1977.

AES is a symmetric-key algorithm i.e. the same key is used for both encrypting and decrypting the data. This is unlike asymmetric-key algorithms like RSA.

The code below shows how to use AES for encryption and decryption in PHP.
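An added example (not the page's original listing) of symmetric encryption and decryption with AES-256 in GCM mode, which also detects tampering with the ciphertext. The function names, the iv + tag + ciphertext layout and the sample message are assumptions.

```php
<?php
// Added example: AES-256-GCM with a random nonce and an authentication tag.
const CIPHER = 'aes-256-gcm';
const IV_LEN = 12;  // 96-bit nonce
const TAG_LEN = 16; // 128-bit authentication tag

function encrypt_message(string $plaintext, string $key): string
{
    if (strlen($key) !== 32) { // enforce the 256-bit key length explicitly
        throw new InvalidArgumentException('key must be 32 bytes');
    }
    $iv = random_bytes(IV_LEN); // a fresh nonce for every message
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The nonce and tag are not secret and travel with the ciphertext.
    return base64_encode($iv . $tag . $ct);
}

function decrypt_message(string $encoded, string $key): string
{
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) < IV_LEN + TAG_LEN) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv = substr($raw, 0, IV_LEN);
    $tag = substr($raw, IV_LEN, TAG_LEN);
    $ct = substr($raw, IV_LEN + TAG_LEN);
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) { // wrong key, or nonce/tag/ciphertext was modified
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

$key = random_bytes(32); // the same key encrypts and decrypts
$blob = encrypt_message('transfer 5 tokens to alice', $key); // constructed message
echo $blob, PHP_EOL, decrypt_message($blob, $key), PHP_EOL;

// Flip one bit of the ciphertext: decryption refuses instead of returning garbage.
$raw = base64_decode($blob, true);
$raw[IV_LEN + TAG_LEN] = chr(ord($raw[IV_LEN + TAG_LEN]) ^ 0x01);
try {
    decrypt_message(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo 'tampered message rejected: ', $e->getMessage(), PHP_EOL;
}
```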

Tip

The jsbn library enables public-key crypto and other applications on desktop and mobile browsers. Check it out here.

Also check out a demo of the Stanford Javascript Crypto Library.

8. Basic programming skills

Tip

As a Web3 Developer, you must at minimum have basic knowledge of HTML, SQL, and PHP or JavaScript.