What is Hash?
A hash function is a mathematical function that converts input data of any size into a fixed-size string of characters, producing a digital fingerprint that is effectively unique and practically impossible to reverse-engineer back to the original data.
Quick Facts
| Full Name | Hash Function / Hashing |
|---|---|
| Created | 1979 (Ralph Merkle's PhD thesis) |
How It Works
A hash function takes an input (or 'message') and returns a fixed-size string of bytes, typically displayed as a hexadecimal number. The output is called a hash value, hash code, digest, or simply hash. Hash functions are designed to be one-way functions, meaning it's computationally infeasible to reconstruct the input from its hash output. Key properties of cryptographic hash functions include: determinism (same input always produces same output), quick computation, pre-image resistance (can't find input from output), small changes in input produce vastly different outputs (avalanche effect), and collision resistance (hard to find two different inputs with the same hash). Common hash algorithms include MD5 (now considered insecure), SHA-1 (deprecated for security), SHA-256 (widely used), and SHA-3. Hashing is fundamental to data integrity verification, password storage, digital signatures, and blockchain technology.
Key Characteristics
- Produces fixed-length output regardless of input size
- One-way function - cannot be reversed to find original input
- Deterministic - same input always produces same hash
- Avalanche effect - small input changes create vastly different hashes
- Collision resistant - extremely hard to find two inputs with same hash
- Fast to compute for any given input
Common Use Cases
- Password storage and verification (with salting)
- Data integrity verification (file checksums)
- Digital signatures and certificates
- Blockchain and cryptocurrency mining
- Hash tables and data structures in programming
Example
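An added example, not code from the original page: it checks the fixed-length, deterministic and avalanche properties of SHA-256, then shows salted password hashing with scrypt from Python's standard library. The function names, sample inputs and scrypt cost parameters are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as 64 hex characters."""
    return hashlib.sha256(data).hexdigest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bits that differ between the SHA-256 digests of a and b."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a deliberately slow, salted hash with scrypt; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # unique random salt per password
    # Cost parameters are illustrative assumptions, not a tuned recommendation.
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    # Constructed sample inputs.
    print(sha256_hex(b"hello"))
    print(len(sha256_hex(b"hello" * 1000)))     # digest length does not grow with input
    print(differing_bits(b"hello", b"hellp"))   # one changed character flips many bits
    salt1, h1 = hash_password("correct horse")
    salt2, h2 = hash_password("correct horse")
    print(h1 != h2)                             # same password, different salts
    print(verify_password("correct horse", salt1, h1))
    print(verify_password("wrong guess", salt1, h1))
```

Store the salt alongside the digest; the salt is not secret, it only has to be unique per password.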
Frequently Asked Questions
What is the difference between hashing and encryption?
Hashing is a one-way function that converts data into a fixed-size output that cannot be reversed, while encryption is a two-way process that can be decrypted with the correct key. Hashing is used for data integrity verification and password storage, whereas encryption is used for protecting data confidentiality during transmission or storage.
Why are MD5 and SHA-1 considered insecure?
MD5 and SHA-1 are considered insecure because researchers have demonstrated practical collision attacks against them, meaning two different inputs can produce the same hash output. MD5 collisions can be generated in seconds on modern hardware, and SHA-1 was broken by Google's SHAttered attack in 2017. For security applications, SHA-256 or SHA-3 should be used instead.
What is a hash collision and why does it matter?
A hash collision occurs when two different inputs produce the same hash output. While collisions are theoretically possible for any hash function (since infinite inputs map to finite outputs), cryptographic hash functions are designed to make finding collisions computationally infeasible. Collisions matter because they can be exploited to forge digital signatures or bypass integrity checks.
What is salting and why is it important for password hashing?
Salting is the practice of adding a unique random value to each password before hashing it. This prevents attackers from using precomputed rainbow tables and ensures that identical passwords produce different hash values. Without salting, attackers who obtain a database of password hashes can easily crack common passwords by comparing them against known hash values.
Which hash algorithm should I use for my application?
For password storage, use specialized algorithms like bcrypt, scrypt, or Argon2 that include built-in salting and are deliberately slow. For data integrity and general-purpose hashing, SHA-256 is widely recommended. For cryptographic applications requiring the latest security, SHA-3 (Keccak) provides an alternative design. Avoid MD5 and SHA-1 for any security-sensitive applications.