A hash function is a special kind of function that takes any input - a sentence, a password, a file - and produces a fixed-length output (called a hash or digest).
Think of it like a digital fingerprint:
| Property | Meaning | Why It Matters |
|---|---|---|
| Deterministic | Same input ? always same output | Consistency is crucial for verification |
| Fast | Can compute quickly, even for big inputs | Must be practical for real-world use |
| Avalanche Effect | Small change in input ? big change in output | Makes tampering detection easy |
| Pre-image Resistance | Hard to go backward from output to input | Protects original data from being recovered |
| Collision Resistance | Hard to find two different inputs with same output | Prevents forgery and attacks |
Let's hash the word: Hello
Using SHA-256, you get:
If you change it to: hello (just lowercase 'h'), you get:
Even though it's just one letter that changed, the output is completely different! That's the avalanche effect.
Type two similar messages and see how different their hashes are:
What is the difference between message 1 and message 2?
Under the hood, hash functions like SHA-256 follow these steps:
These steps are one-way only - there's no shortcut to reverse them!
Try hashing different types of content:
| Use Case | How Hashes Help | Example |
|---|---|---|
| Password Storage | Store only the hash of a password. Even if stolen, it can't be reversed. | Website databases store password hashes, not actual passwords |
| File Integrity | Compare a file's hash before and after download. If it changes, it's been altered. | Software downloads often include hash checksums |
| Digital Signatures | Sign a short hash of a document instead of the full text | Legal documents, contracts, certificates |
| Blockchain | Hashes link blocks and keep the chain tamper-proof | Bitcoin, Ethereum, and other cryptocurrencies |
This is how websites should store your passwords:
What gets stored in the database:
No. Good hash functions are designed to be impossible to reverse. Even with powerful computers, you can't go from:
back to:
The quick brown fox jumps over the lazy dog
This is called pre-image resistance.
Simulate checking if a file has been tampered with:
What happens to the hash if you change just one letter in your input?
Try it in the demo above to find out!
Why is it better to store password hashes instead of actual passwords?
Hint: Think about what happens if someone steals the database...
Can you "unhash" a hash to get the original input back?
This is called "pre-image resistance"!
Is it possible for two different inputs to have the same hash?
This would be called a "collision" - it's theoretically possible but extremely rare with good hash functions!
When you download a file, websites often provide a hash. After downloading, you can hash your file and compare - if the hashes match, you know the file wasn't corrupted or tampered with during download!
In blockchain technology, each block contains the hash of the previous block, creating an unbreakable chain. If someone tries to alter a past transaction, the hash would change, and everyone would know!