A hash is the output of a hash function: a deterministic mathematical algorithm that maps input data of arbitrary size to a fixed-size value (commonly shown in hexadecimal). Hashes are one-way: given a hash you generally cannot recover the original input. Cryptographic hash functions add security properties that make them useful for integrity checks, authentication, digital signatures, and blockchain consensus.
Key takeaways
– A hash function takes variable-length input and produces a fixed-length output (e.g., SHA‑256 produces a 256‑bit / 64‑hex‑character result).
– Cryptographic hashes are deterministic, fast to compute, and designed to be one‑way, collision‑resistant, and resistant to preimage attacks.
– Hashes are widely used to verify file integrity, secure passwords (when used correctly), and form the backbone of blockchain security.
– Not the same as encryption: hashing is irreversible by design; encryption is reversible with a key.
How hashes work (core properties)
Cryptographic hash functions share key security properties:
1. Deterministic: the same input always yields the same output.
2. Fixed output size: regardless of input length, output length is constant.
3. Preimage resistance: given a hash H, it should be computationally infeasible to find any input M such that hash(M) = H.
4. Second preimage resistance: given input M1, it should be infeasible to find M2 ≠ M1 with hash(M1) = hash(M2).
5. Collision resistance: it should be difficult to find any two distinct inputs that hash to the same value.
Fast fact
SHA‑256 (part of the SHA‑2 family) outputs 256 bits (64 hex characters). Bitcoin uses double SHA‑256 for its block headers; other cryptocurrencies use functions such as Keccak‑256, Scrypt, Ethash, Equihash, and BLAKE3.
Tip
Do not use a fast general-purpose hash (like SHA‑256 alone) to store passwords. Use a slow, memory-hard key derivation function designed for passwords (bcrypt, scrypt, Argon2) and include salts to prevent precomputed attacks.
Hashing and blockchains (overview)
– Each block in a blockchain contains a header with key fields (previous block hash, Merkle root of transactions, timestamp, difficulty target, nonce).
– The block header is hashed; in proof‑of‑work systems miners repeatedly change the nonce (and sometimes extra data) to produce a block hash that meets the network target (i.e., is numerically below the current difficulty target).
– Because each block includes the prior block’s hash, changing any earlier block would break all subsequent hashes and be easily detectable.
– Hashes thus provide immutability and tamper evidence across the chain.
Bitcoin hashing (simplified steps)
1. Collect transactions for a candidate block and compute the Merkle root (a hash representing all transactions).
2. Assemble the block header: version, previous block hash, Merkle root, timestamp, difficulty target, nonce.
3. Compute the double SHA‑256 of the block header (SHA‑256(SHA‑256(header))).
4. If resulting hash ≤ target (or has required number of leading zeros in hex), the block is valid and can be broadcast; otherwise adjust the nonce or extra header fields and repeat.
5. Other nodes verify by hashing the header and comparing to the published hash and target.
What is the main purpose of a hash?
Practical uses:
– Integrity verification (detecting file changes or corruption).
– Fast data indexing and lookup (hash tables).
– Password verification (with appropriate KDFs and salts).
– Digital signatures and certificate operations (hash the message then sign the hash).
– Blockchain security and proof‑of‑work consensus.
What is the simplest hash function?
A simple illustrative (non‑cryptographic) example is the mid‑square method: square the input number and take middle digits as the hash. Example: 61^2 = 3721 → take middle two digits → 72. This is educational only and has poor distribution and security; not suitable for cryptographic use.
What is a hash in cryptography?
In cryptography, a hash is a fixed‑length digest derived from a message that provides a compact fingerprint. It must be computationally infeasible to derive the original message from the hash or to find two different messages with the same hash. Cryptographic hashes are used in signatures, integrity checks, and as building blocks for many security protocols.
Practical steps — compute and verify hashes
A. Compute SHA‑256 on a file (examples)
– Linux/macOS command line:
• sha256sum filename
• or using OpenSSL: openssl dgst -sha256 filename
– Python:
• import hashlib
h = hashlib.sha256()
with open(‘filename’,’rb’) as f:
h.update(f.read())
print(h.hexdigest())
– Node.js:
• const crypto = require(‘crypto’);
const fs = require(‘fs’);
const hash = crypto.createHash(‘sha256’);
hash.update(fs.readFileSync(‘filename’));
console.log(hash.digest(‘hex’))
B. Verify a downloaded file
1. Obtain the hash published by the vendor (over a secure channel if possible).
2. Compute the file’s hash locally as above.
3. Compare the two hex strings exactly. If they match, the file has not been altered since the hash was produced.
C. Store passwords securely (recommended approach)
1. Never store plaintext passwords or raw fast hashes (e.g., SHA‑256 alone).
2. Use a modern password hashing function with salt and an appropriate work factor: Argon2id, bcrypt, or scrypt.
3. For each password:
• Generate a unique random salt, apply the password KDF with a high cost and memory parameter, store the salt and hash output.
4. Optionally add a server-side secret “pepper” stored separately from the database.
5. Periodically review and increase cost parameters as hardware improves.
D. Verify integrity in a blockchain context (simple checklist)
1. Retrieve the block header fields and the published block hash.
2. Compute the block header hash (for Bitcoin: double SHA‑256).
3. Confirm computed hash equals the published one and meets the difficulty target.
4. Confirm previous block hash matches the hash of the preceding block.
Security considerations and best practices
– Hash functions get weaker over time; prefer algorithms approved by standards bodies and migrate when weaknesses are found (NIST recommendations).
– Use cryptographic hashes for integrity and fingerprints; use appropriate KDFs for passwords.
– When distributing verification hashes, publish them over a channel that resists tampering (e.g., HTTPS with certificate pinning, code signing).
– For long-term integrity guarantees, consider combining digital signatures with hash digests.
The bottom line
Hashes are a foundational cryptographic primitive: compact, deterministic fingerprints that enable data integrity checks, indexing, secure password verification (when used properly), and blockchain security. Understanding the properties of cryptographic hashes and using the right algorithm for each task (KDF for passwords, SHA‑2/SHA‑3/BLAKE families for general hashing, memory‑hard KDFs for secrets) is essential for building secure systems.
Sources and further reading
– Zoe Hansen, Investopedia. “Hash.”
– NIST. “Recommendation for Applications Using Approved Hash Algorithms.” (NIST Special Publication) (see NIST guidance on approved hash algorithms)
– Movable Type Scripts. “SHA‑256 Cryptographic Hash Algorithm.” (reference implementation/explanation)
– Boot.Dev. “What Is SHA‑256?” (practical overview)
– Show live examples for your operating system (Linux, Windows, macOS),
– Provide sample code for Argon2 password hashing in Python,
– Or walk through a toy Bitcoin mining loop in Python to demonstrate nonce searching. Which would you like?