Application should be using SHA512 for the hashing algorithm

[bhavinkpatel]

Test Data / Request / Prerequisite

• Set a PORT variable in your environment. For the purposes of this assignment, we will define the port as 8088.
• Request, curl -v -X POST -H "application/json" -d '{"password":"bhavinpatel"}' http://127.0.0.1:8088/hash -w "\n%{time_total}"

Test Steps

1. Start application (/broken-hashserve_darwin)
2. Enter Request from above
3. Verify the hashing algorithm is SHA512

Expected Result

• Application is using SHA512.

[bhavinkpatel]

Based on the information provided, there is no definite way to determine the hashing algorithm the application is using. The test case is not testable by itself - it is depended also on another test case for retrieving the hashed password. One can reverse compute to ensure hashing is being done correctly. Another option is to test this by pairing with a developer to gain insight into the code behind the feature. Either by including access to the database to directly retrieve a hashed password to verify, or by asking to add testing flags in commands to retrieve such data.