When you download software, you often see a string like "SHA256: 3a7bd3e2c..." next to it. That's a hash—a digital fingerprint that lets you verify the file hasn't been tampered with. Hash functions are fundamental to security, from password storage to blockchain to detecting file corruption. This guide explains how they work and when to use each type.
Key Takeaways
- 1Hash functions create fixed-size "fingerprints"—same input always gives same output
- 2MD5 and SHA-1 are broken for security; use SHA-256 or newer for file integrity and signing
- 3Never use plain SHA-256 for passwords—use bcrypt, scrypt, or Argon2id with unique salts
- 4Verify downloads by comparing the published hash with the hash of your downloaded file
- 5Hashing is one-way (irreversible); encryption is two-way (reversible with a key)
1What Is a Hash Function?
A hash function takes any input (a file, text, or data) and produces a fixed-size output called a hash, digest, or checksum. The same input always produces the same hash, but even a tiny change in input creates a completely different hash.
Example: Hash Sensitivity
Scenario
See how a single character changes the entire hash
Solution
"Hello" → SHA256: 185f8db32271fe25f561a6fc938b2e26... and "Hello!" → SHA256: 334d016f755cd6dc58c53a86e183882f... — Adding one character produces a completely different 64-character hash.
- **Deterministic** – Same input always gives same output
- **Fixed output size** – SHA-256 always outputs 256 bits (64 hex characters)
- **One-way** – Cannot reverse a hash back to the original input
- **Avalanche effect** – Small input change = completely different hash
- **Collision-resistant** – Hard to find two inputs with the same hash
2Common Hash Algorithms Compared
Different hash algorithms offer different trade-offs between speed, security, and output size. Here's when to use each.
| Algorithm | Output Size | Status | Best For |
|---|---|---|---|
| MD5 | 128 bits (32 hex) | ❌ Broken | Checksums only (not security) |
| SHA-1 | 160 bits (40 hex) | ⚠️ Deprecated | Legacy systems only |
| SHA-256 | 256 bits (64 hex) | ✅ Secure | General purpose, files, code signing |
| SHA-384 | 384 bits (96 hex) | ✅ Secure | High-security applications |
| SHA-512 | 512 bits (128 hex) | ✅ Secure | When extra security margin needed |
| SHA-3 | 224-512 bits | ✅ Secure | Backup if SHA-2 ever broken |
| BLAKE2 | 256-512 bits | ✅ Secure | High-speed hashing, crypto |
MD5 and SHA-1 are cryptographically broken. Attackers can create collisions (different files with the same hash). Use them only for non-security checksums like cache keys or duplicate detection—never for security.
3Verifying File Integrity with Checksums
When downloading software, the publisher provides a hash so you can verify the file wasn't corrupted during download or tampered with by an attacker.
How to Verify a File
1
Download the file
Get the file from the official source. Note the hash value provided on the download page.
2
Generate the hash locally
Use our Hash Generator tool or command line to compute the hash of your downloaded file.
3
Compare the hashes
If the hashes match exactly, the file is intact. If they differ, the file is corrupted or tampered with.
4
Check the source
Make sure you got the expected hash from the official website over HTTPS, not from an email or mirror.
| Platform | Command | Example |
|---|---|---|
| Windows (PowerShell) | Get-FileHash file.exe | Get-FileHash -Algorithm SHA256 setup.exe |
| macOS / Linux | shasum -a 256 file | shasum -a 256 download.dmg |
| Linux | sha256sum file | sha256sum linux.iso |
| Online | Use Hash Generator tool | Drag and drop file to calculate hash |
Generate File Hashes Online
Drag and drop any file to calculate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly—all processing happens in your browser.
Open Hash Generator4Hashing for Password Storage
Websites should never store passwords in plain text. Instead, they store a hash of the password. But not just any hash—password hashing has special requirements.
Never use plain SHA-256 for passwords. It's too fast—attackers can try billions of guesses per second. Use purpose-built password hashing functions like bcrypt, scrypt, or Argon2.
| Algorithm | Speed | Memory | Recommendation |
|---|---|---|---|
| bcrypt | Slow (configurable) | Low | ✅ Good default choice |
| scrypt | Slow (configurable) | High | ✅ Memory-hard (resists GPU attacks) |
| Argon2id | Slow (configurable) | High | ✅ Winner of Password Hashing Competition |
| PBKDF2 | Slow (configurable) | Low | ⚠️ Acceptable, but weaker than above |
| SHA-256 (plain) | Very fast | None | ❌ Never use for passwords |
Always add a random "salt" (unique per user) before hashing passwords. This prevents attackers from using precomputed rainbow tables. Modern password hash functions handle salting automatically.
Real-World Hash Applications
Hash functions appear throughout computing. Here are the most important applications beyond file verification.
- **Git commits** – Every commit ID is a SHA-1 hash of the content (migrating to SHA-256)
- **Blockchain** – Bitcoin uses SHA-256; transactions are chained via hashes
- **Digital signatures** – Hash the document, then encrypt the hash with a private key
- **SSL/TLS certificates** – Signed with SHA-256 to prevent forgery
- **Deduplication** – Cloud storage uses hashes to avoid storing duplicate files
- **Cache invalidation** – Include content hash in URLs to bust browser cache on changes
- **Subresource Integrity (SRI)** – Verify CDN scripts haven't been tampered with
- **HMAC authentication** – Hash-based message authentication for APIs
The entire blockchain concept relies on hashes. Each block contains the hash of the previous block, creating an unbreakable chain. Changing any past transaction would change all subsequent hashes.
6Hash Attacks & How to Prevent Them
Understanding hash attacks helps you choose the right algorithm and implementation for your use case.
| Attack | How It Works | Prevention |
|---|---|---|
| Brute force | Try all possible inputs until hash matches | Use slow hash functions (bcrypt), long inputs |
| Rainbow tables | Precomputed hash→password mappings | Always use unique salts per hash |
| Collision attack | Find two inputs with same hash | Use SHA-256 or newer (not MD5/SHA-1) |
| Length extension | Append data without knowing original | Use HMAC instead of H(secret || message) |
| Timing attack | Measure comparison time to leak info | Use constant-time comparison |
Example: Why Salts Matter
Scenario
Two users have the same password "password123"
Solution
Without salt: both get the same hash → attacker cracks one, gets both. With unique salts: user1's hash ≠ user2's hash → each must be cracked separately.
7Choosing the Right Hash Algorithm
Use this decision guide to pick the right hash function for your specific use case.
| Use Case | Recommended | Why |
|---|---|---|
| Password storage | Argon2id or bcrypt | Intentionally slow, memory-hard |
| File integrity | SHA-256 | Fast, secure, widely supported |
| Code signing | SHA-256 or SHA-384 | Industry standard |
| Git/version control | SHA-256 (new), SHA-1 (legacy) | Git is migrating |
| Cache keys | Any (MD5 OK) | Speed matters, security doesn't |
| Deduplication | Any fast hash | Collision risk acceptable |
| API authentication | HMAC-SHA256 | Includes secret key |
| SRI (browser) | SHA-256, SHA-384, SHA-512 | Browser-supported subset |
When in doubt, use SHA-256. It's secure, fast, widely supported, and has no known weaknesses. Only choose MD5/SHA-1 if you specifically need compatibility with legacy systems.
Hash Generation in Code
Every major programming language has built-in hash functions. Here's how to use them safely.
| Language | SHA-256 Example |
|---|---|
| JavaScript (Node) | crypto.createHash("sha256").update(data).digest("hex") |
| JavaScript (Browser) | crypto.subtle.digest("SHA-256", buffer) |
| Python | hashlib.sha256(data.encode()).hexdigest() |
| PHP | hash("sha256", $data) |
| Java | MessageDigest.getInstance("SHA-256").digest(bytes) |
| C# | SHA256.Create().ComputeHash(bytes) |
For passwords, don't use these directly. Use dedicated libraries: bcrypt (most languages), passlib (Python), or the Web Crypto API with PBKDF2 as a fallback.
Frequently Asked Questions
Can two different files have the same hash?
Theoretically yes—it's called a collision. With SHA-256, the probability is astronomically low (1 in 2^128 for birthday attack). For MD5 and SHA-1, collisions have been demonstrated practically, which is why they're considered broken for security purposes.
Can I decrypt a hash to get the original data?
No. Hash functions are one-way by design. You cannot reverse a hash. Attackers "crack" hashes by guessing inputs and checking if they produce the same hash—which is why slow password hashes and salts are important.
Why is MD5 still used if it's broken?
MD5 is fast and its 32-character output is convenient. It's fine for non-security uses like cache keys, ETags, deduplication, or quick checksums where an attacker can't exploit collisions. Just never use it for passwords, signatures, or security verification.
What's the difference between a hash and encryption?
Encryption is reversible (with a key)—you can decrypt to get the original. Hashing is one-way—you cannot recover the original from the hash. Use encryption when you need the data back; use hashing for verification and integrity.
How long does it take to crack a SHA-256 hash?
It depends on the input. For a random 256-bit key, it would take longer than the age of the universe. For a weak 6-character password, a GPU can crack it in minutes. This is why password complexity and proper password hashing algorithms (bcrypt, Argon2) matter.