hash 2025-01-30

Cryptographic Hash Functions Explained

Learn how cryptographic hash functions work, their properties, and when to use MD5, SHA-256, or bcrypt.

Cryptographic hash functions are fundamental building blocks of modern security systems. They transform arbitrary data into a fixed-size output that acts as a digital fingerprint.

Properties of Cryptographic Hash Functions

A good cryptographic hash function has these properties:

1. Deterministic: Same input always produces same output

2. Fast computation: Quick to compute the hash for any input

3. Pre-image resistance: Computationally infeasible to recover the input from its hash

4. Collision resistance: Extremely hard to find two different inputs with the same hash

5. Avalanche effect: Small input changes cause dramatic output changes

Common Hash Algorithms

MD5 (128-bit)

MD5("hello") = 5d41402abc4b2a76b9719d911017c592

  • Status: Broken, NOT secure
  • Use: File checksums (non-security), legacy systems
  • Avoid for: Passwords, digital signatures, certificates

SHA-1 (160-bit)

SHA1("hello") = aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d

  • Status: Deprecated, collisions found (SHAttered attack, 2017)
  • Use: Git commits (legacy), legacy compatibility
  • Avoid for: New security applications

SHA-256 (256-bit)

SHA256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

  • Status: Secure, widely used
  • Use: Digital signatures, blockchain, file integrity
  • Part of: SHA-2 family (includes SHA-224, SHA-384, SHA-512)

SHA-512 (512-bit)

  • Larger output, often faster on 64-bit processors
  • Better for very high security requirements

Hash Functions for Passwords

Never use MD5, SHA-1, or SHA-256 alone for password hashing! They are too fast, making brute-force attacks feasible.

Instead, use purpose-built password hashing functions:

bcrypt

  • Includes built-in salt
  • Configurable work factor
  • Time-tested and widely supported

Argon2 (Winner of PHC 2015)

  • Configurable memory, time, and parallelism
  • Resistant to GPU and ASIC attacks
  • Current recommended choice

PBKDF2

  • Uses many iterations of a hash function
  • NIST recommended
  • Available in most standard libraries

Practical Applications

File Integrity Verification

sha256sum important-file.tar.gz

Outputs: a1b2c3d4... important-file.tar.gz

Digital Signatures

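Hash the document, then sign the hash with a private key (often described as encrypting the hash). Anyone holding the matching public key can recompute the hash and verify the signature.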

HMAC (Hash-based Message Authentication Code)

Combines a hash function with a secret key for message authentication:

HMAC-SHA256(key, message)

Blockchain

Each block contains the hash of the previous block, creating an immutable chain.

Choosing the Right Hash Function

| Purpose | Recommended |
|---------|------------|
| Password storage | Argon2 or bcrypt |
| File integrity | SHA-256 |
| Digital signatures | SHA-256 or SHA-512 |
| Data deduplication | SHA-256 |
| Non-security checksums | MD5 or CRC32 |
