Cryptographic hash function A cryptographic hash function is a one-way function. The hash is irreversible. You can’t re-create the original data from the hash even with knowing the hash algorithm and the checksum.

• Commonly used for verifying file integrity. e.g. after a download
  • Download provider can hash the file and provide the resulting digest.
• Operating systems and applications use hashes to store passwords. It’s not a good idea to store passwords in plaintext. The OS or application just hashes the password provided and compares the hash to the stored hash. If they match the password is correct.
  • This is why we can’t retrieve passwords from storage, and they can only be reset.

Hashing Algorithms #

Message-Digest Algorithm version 5 (MD5)

• First most common hashing algorithm
• No longer considered safe
• Some SMTP servers use a special form of MD5:
  • Challenge-Response Authentication Mechanism-Message Digest 5 (CRAM-MD5)

Secure Hash Algorithm (SHA)

• Includes SHA-1, SHA-2, SHA-3
• SHA-1: produces 160-bit message digest
  • No longer considered safe
• SHA-2:
  • SHA-224: 224-bit message digest
  • SHA-256: 256-bit message digest
  • SHA-384: 384-bit message digest
  • SHA-512: 512-bit message digest
  • SHA-2 is still considered safe, and is the most popular hashing algorithm
• SHA-3:
  • SHA3-244, SHA3-256, SHA3-384, SHA3-512