You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
A cryptographic hash function takes an input of any size and produces a fixed-length output called a hash, digest, or fingerprint. Hash functions are one-way — you cannot reverse a hash to recover the original input — and they are fundamental to integrity verification, password storage, digital signatures, and blockchain technology.
A secure cryptographic hash function must satisfy these properties:
| Property | Definition | Example |
|---|---|---|
| Deterministic | The same input always produces the same output | SHA-256("hello") always returns the same 256-bit hash |
| Fast computation | The hash can be computed quickly | Processing gigabytes of data in seconds |
| Pre-image resistance | Given a hash h, it is infeasible to find any input m such that hash(m) = h | Cannot reverse a hash to find the original password |
| Second pre-image resistance | Given input m₁, it is infeasible to find a different m₂ with hash(m₁) = hash(m₂) | Cannot find a different file with the same hash as a known file |
| Collision resistance | It is infeasible to find any two different inputs that produce the same hash | No two documents should produce the same SHA-256 hash |
| Avalanche effect | A tiny change in input produces a drastically different hash | Changing one bit flips approximately 50% of the output bits |
SHA-256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e7304...
SHA-256("Hello") = 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1...
Changing just one character (h → H) completely changes the output.
| Property | Value |
|---|---|
| Output size | 128 bits (32 hex characters) |
| Status | Broken — collisions can be found in seconds |
| Published | 1991 (Ron Rivest) |
MD5 should never be used for security purposes. Practical collision attacks were demonstrated in 2004, and in 2008 researchers created a rogue CA certificate using an MD5 collision.
| Property | Value |
|---|---|
| Output size | 160 bits (40 hex characters) |
| Status | Broken — Google's SHAttered project produced a collision in 2017 |
| Published | 1995 (NSA/NIST) |
SHA-1 is deprecated for digital signatures and certificates. Major browsers and CAs stopped accepting SHA-1 certificates in 2017.
| Variant | Output Size | Status |
|---|---|---|
| SHA-224 | 224 bits | Secure |
| SHA-256 | 256 bits | Widely used — industry standard |
| SHA-384 | 384 bits | Secure |
| SHA-512 | 512 bits | Secure |
SHA-256 is the most commonly used hash function today — used in TLS certificates, code signing, Bitcoin, and file integrity verification.
| Property | Value |
|---|---|
| Output sizes | 224, 256, 384, 512 bits |
| Structure | Sponge construction (different from SHA-2's Merkle-Damgård) |
| Published | 2015 (selected by NIST competition) |
| Status | Secure — serves as a backup if SHA-2 is ever compromised |
SHA-3 is not a replacement for SHA-2 — it is an alternative with a fundamentally different internal design, providing algorithm diversity.
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.