Every time you download a file, verify a password, or check a blockchain transaction, you are relying on hash functions. They are one of the most fundamental building blocks in computing, serving as the backbone for data integrity verification, password storage, digital signatures, and much more. Despite their ubiquity, hash functions are often poorly understood. This guide explains what hash functions are, how different algorithms compare, and when to use them.

What Is a Hash Function?

A hash function is an algorithm that takes an input of any size and produces a fixed-size output called a hash, digest, or checksum. Feed it a single character, and it produces a hash. Feed it a 10-gigabyte file, and it produces a hash of the same length. The output is deterministic — the same input always produces the same output. But even a tiny change to the input produces a completely different output.

A good cryptographic hash function has four essential properties. First, it is deterministic — the same input always produces the same hash. Second, it is fast to compute for any given input. Third, it has the avalanche effect — changing a single bit of input changes roughly half the bits in the output, making it impossible to predict how the hash will change. Fourth, it is one-way — given a hash, it should be computationally infeasible to find an input that produces that hash.

An additional property important for security is collision resistance — it should be extremely difficult to find two different inputs that produce the same hash. When collisions become feasible to find, the hash function is considered broken for cryptographic purposes.

Common Hash Algorithms Compared

Several hash algorithms have been widely used over the decades. Here is how they compare:

MD5 (Message Digest 5): Produces a 128-bit (32-character hexadecimal) hash. Developed in 1991, MD5 was the standard checksum algorithm for years. However, MD5 is now considered cryptographically broken. Practical collision attacks exist — researchers can generate two different files with the same MD5 hash in seconds on ordinary hardware. MD5 should not be used for security purposes like digital signatures or password hashing. It remains acceptable for non-security use cases like quick file integrity checks, deduplication, and cache keys, where intentional collisions are not a concern.

SHA-1 (Secure Hash Algorithm 1): Produces a 160-bit (40-character hex) hash. SHA-1 was widely used in SSL certificates, Git commits, and software signatures. In 2017, Google and CWI Amsterdam demonstrated the SHAttered attack — a practical collision against SHA-1. Since then, SHA-1 has been deprecated across the industry. Modern browsers reject SHA-1 SSL certificates, and Git has migrated to SHA-256 for object signing. Like MD5, SHA-1 should not be used for security-sensitive applications.

SHA-256 and SHA-512:Part of the SHA-2 family, these produce 256-bit (64-character hex) and 512-bit (128-character hex) hashes respectively. SHA-2 is the current standard for cryptographic hashing. SHA-256 is used in TLS certificates, code signing, blockchain (Bitcoin's proof-of-work), password hashing frameworks, and government applications. No practical attacks against SHA-2 have been found. For new applications, SHA-256 is the default choice unless you have a specific reason to use a different algorithm.

SHA-3: The newest member of the Secure Hash Algorithm family, based on the Keccak sponge construction. SHA-3 is not meant to replace SHA-2 but to serve as a backup alternative with a fundamentally different internal structure. If a weakness were ever found in SHA-2, SHA-3 would be ready as a drop-in replacement. For now, SHA-2 remains the recommended choice for most applications, but SHA-3 is gaining adoption in new systems.

Using Checksums for File Verification

One of the most practical applications of hash functions is verifying that a file has not been corrupted or tampered with during transfer. Here is how it works:

When you download a file from the internet, the publisher often provides a checksum alongside the download link — typically a SHA-256 hash of the file. After downloading, you compute the hash of the file on your machine and compare it to the published hash. If they match, the file is intact. If they differ, the file was corrupted during download or tampered with.

This is particularly important for software installations. Linux distributions routinely provide SHA-256 checksums for their ISO images. If you install from a corrupted ISO, you might get an unstable system or unknowingly install malware. Taking 30 seconds to verify the checksum protects you from this risk.

To compute a checksum locally, you can use command-line tools like sha256sum on Linux and macOS, or PowerShell's Get-FileHash on Windows. For a browser-based approach, the hash generator on KnowKit lets you compute MD5, SHA-1, SHA-256, and SHA-512 hashes of text or files without uploading anything to a server.

Hash Functions for Password Storage

Storing user passwords in plain text is a catastrophic security failure. If a database is breached, every user's password is immediately exposed. The industry standard is to store a hash of the password instead. When a user logs in, the system hashes the entered password and compares it to the stored hash. If they match, the password is correct.

However, using a plain hash like SHA-256 is insufficient for password storage. Attackers can use precomputed tables (rainbow tables) of hashes for common passwords, or simply hash every word in a dictionary and compare against the stored hashes. To defend against these attacks, password hashing uses two additional techniques:

Salting: A salt is a random value that is unique per user and combined with the password before hashing. Two users with the same password will have different hashes because their salts are different. This makes rainbow tables useless — an attacker would need to compute a separate table for every possible salt, which is computationally infeasible.

Key stretching: Purpose-built password hashing algorithms like bcrypt, scrypt, and Argon2 are deliberately slow to compute. Where SHA-256 might compute a hash in microseconds, bcrypt can be tuned to take 100 milliseconds. This makes brute-force attacks dramatically more expensive. For passwords, always use a dedicated password hashing algorithm — never use general-purpose hash functions like SHA-256 directly.

Security Implications

Choosing the right hash algorithm for your use case has real security implications. Here are common scenarios and the recommended approach:

For file integrity verification, use SHA-256. It is fast, widely supported, and has no known vulnerabilities. For password storage, use bcrypt, scrypt, or Argon2 with per-user salts. For digital signatures and certificates, use SHA-256 or SHA-512 with RSA or ECDSA. For data deduplication or cache keys, MD5 or SHA-1 are acceptable since collision resistance is not security-critical. For blockchain and cryptocurrency, the specific algorithm depends on the chain — Bitcoin uses SHA-256, Ethereum uses Keccak-256 (a SHA-3 variant).

A critical mistake to avoid is using a hash function for a purpose it was not designed for. General-purpose hashes like SHA-256 are fast, which is great for file verification but terrible for password storage. Password hashes need to be slow. Conversely, password hashing algorithms are too slow for file verification where you might need to hash gigabytes of data.

Conclusion

Hash functions are essential tools for verifying data integrity, protecting passwords, and securing digital communications. MD5 and SHA-1 are broken for security purposes — use SHA-256 for integrity verification and bcrypt or Argon2 for password storage. The key is matching the right algorithm to the right use case. Try the hash generator on KnowKit to compute checksums for your files and text — all processing happens locally in your browser.