What is a hash function?
A cryptographic hash function takes an input of any size and produces a fixed-length output called a digest. Hash functions are deterministic and one-way — you cannot reverse a hash back to the original input, and even a one-character change produces a completely different output (avalanche effect).
- Same input always produces the same hash
- Tiny input change → completely different hash
- Computationally infeasible to find two inputs with the same hash
Choosing an algorithm
- SHA-1 — Fast but cryptographically broken. Suitable only for non-security checksums or legacy compatibility (e.g. Git).
- SHA-256 / SHA-512 — Current standard for secure hashing. Use for digital signatures, integrity verification, and HMAC.
- SHA3-256 / SHA3-512 — Latest NIST standard (2015). Based on Keccak, structurally different from SHA-2 for added defense in depth.
- Keccak-256 — The SHA-3 variant used by Ethereum for address and transaction hashing (differs from NIST SHA3-256 in its padding, so the two give different digests for the same input).
Common uses
- File integrity — Verify a downloaded file was not tampered with
- Password storage — Store hashes, never plaintext (use bcrypt/argon2 with salt in production)
- Digital signatures — Sign the hash of a document, not the document itself
- Git — SHA-1 (migrating to SHA-256) identifies every object in a repository
- Blockchain — SHA-256 powers Bitcoin proof-of-work; Keccak-256 powers Ethereum
- Deduplication — Hash files to detect duplicates without comparing content byte-by-byte