Cryptographic Hash Function in a Nutshell

Photo from Unsplash by Markus Spiske

A hash function takes an input with an arbitrary length (it can be a text message, a picture, a video, a large file, you can hash anything!) and returns a random string with fixed length. This string is often called hash value, message digest or simply digest.

Made a little illustration to give you a better idea how it works

Basic characteristics of Secure Hash Functions:

  • Secure / Irreversible. It’s easy to calculate a hash for any given data, however it’s (almost) impossible to get the data from the hash.
  • Unique. It is extremely unlikely that two different messages will have the same hash. Every hash is unique. Even if you change one character, the hash changes entirely. This is called the Avalanche effect.
  • Fixed size. No matter how long the original data is you will always get fixed sized digest from the hash function.
  • Deterministic. The same message always results in the same hash.
Photo from Unsplash by James Sutton

Use Cases:

Password verification

The secure way of storing user passwords is to only store the hash of each password so if the password file is compromised the bad guys can’t get the actual passwords. To authenticate users, a password given by the user is hashed and compared with the stored hash.

Message Integrity

Another application of hash functions is verifying the integrity of messages and files. Comparing hash values can determine whether any changes have been made to the file or message.

Proof of work

Proof of work (PoW) is a decentralized consensus mechanism that requires members of a network to solve mathematical puzzles to prevent bad actors from cheating the system. It is widely used in cryptocurrency mining, (most popularly in Bitcoin) for validating transactions.

SSL/TSL Certificates

HTTPS indicates a secure connection when accessing websites. To get HTTPS you need an SSL /TSL certificate. The certificate is verified when your browser downloads the web server’s certificate, hashes the certificate then compares it with the hash value inside the certificate.

Photo from Unsplash by Markus Spiske

Popular Hash Functions:


Developed in 1991 by cryptographer Ron Rivest. It was a widely used hash function until it has been broken. It‘s no longer suitable for further use.


Designed in 1992, it’s a strengthened version of RIPEMD. Less popular than SHA-1 and SHA-2 and mainly used in Bitcoin.


From 1995 SHA-1 is generally used in security applications and protocols, including TSL/SSL, SSH, PGP. It is recommended to replace SHA-1 with the more secure SHA-2 or SHA-3.


Developed in 2001, it consists of six hash functions from which are SHA-256 and SHA-512 are the most popular. SHA-2 is considered secure and it is the most used Secure Hash Algorithm today.


Latest member of the SHA standards, released in 2015 by NIST. It is a subset of the broader cryptographic family Keccak. The purpose of SHA-3 that it can be substituted for SHA-2 in current applications if necessary.


Cryptographic Hash Functions are one of the basic tools of modern cryptography. They can be used to verify data, store passwords, reach consensus in a decentralized network or to verify the security of a website.

Developer. I write about crypto