Hashing
Last updated
Last updated
A hash function is any function that can map data of any arbitrary length to data of a fixed length. A cryptographic hash function is merely a hash function that has uses in cryptography.
The output of a hash function is called a hash, or digest.
You might recall that encryption allows you to both encrypt a plaintext to get a ciphertext, and decrypt the ciphertext to get the original plaintext. A hash function on the other hand, is a one-way function; you cannot get the original input of a resulting hash.
MD5 was at one point a very popular hashing algorithm. MD5 returns a 16-byte (128 bits) digest, but is usually displayed in hex (32 characters, 1 character = two bytes) because it is easier and safer to display and the character range can be expected (0-9, a-f).
Ideally, a hashing algorithm will give you one output for every input. A collision occurs when two different inputs result in the same output hash. MD5 was very popular for hashing until it was found to have collisions around 2004; you can read more here. If a collision is discovered in any cryptographic hashing algorithm, the algorithm is deemed to be broken and insufficient.
The Secure Hash Algorithm (SHA) is a cryptographic hash algorithm published by NIST, the first of which was published in 1993 and known as "SHA" (now known as SHA-0). SHA-0 was quickly found to have significant flaws and replaced by SHA-1.
SHA-1 was the most secure hashing algorithm at the time, and was competing with MD5 for popularity, even after MD5 was shown to be broken. SHA-1 was later found to have cryptographic weaknesses as well and was not recommended for use after 2010. SHA-1 produces a 160-bit / 20 byte digest.
SHA-2 is generally recommended as the algorithm to use, at minimum. SHA-2 is actually its own family of algorithms, which are named for their digest size in bits: SHA-224, SHA-256, SHA-384, and SHA-512.
In 2015, SHA-3 was first published, and is also considered its own family of algorithms, named after their digest size in bits: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. Two additional algorithms in the SHA-3 family are known as SHAKE128 and SHAKE256 and allow for arbitrary digest sizes.
Password hashing principles are different than that of ordinary cryptographic hash functions because the use cases are slightly different. We talk about this more in the section on Password Hashing.
Plaintext
MD5 hash (binary)
MD5 hash (hex)
I love hashing!
11001001 01101101 00010100 11101001 11110100 01011110 10110011 00010100 00011111 00101100 10000101 10110000 10001010 00011111 11100100 10110000
c96d14e9f45eb3141f2c85b08a1fe4b0