What is a Hash Function?

Q: What is a hash function?

A hash function is a mathematical function that takes input of any size and produces a fixed-size output (called a digest or hash). The same input always produces the same output, and it is computationally infeasible to reverse the hash back to the original input.

Q: What is a hash collision?

A hash collision occurs when two different inputs produce the same hash output. All hash functions can theoretically have collisions (since input space is infinite but output space is finite), but cryptographic hash functions are designed to make collisions extremely difficult to find intentionally.

Q: Can you decrypt a hash?

No. Hashing is a one-way process — you cannot mathematically reverse it. However, common hashes can be looked up in precomputed rainbow tables. This is why passwords should be salted before hashing.

A hash function maps input data of any size to a fixed-length output string. It is deterministic (same input always gives same output) and one-way (you cannot reverse the hash to recover the input).

Definition

Hashing transforms data into a short, fixed-length string called a digest or hash. For example, the SHA-256 hash of hello is always 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824.

Properties of Cryptographic Hash Functions

Deterministic — same input always produces same output
One-way — computationally infeasible to reverse
Avalanche effect — a tiny change in input produces a completely different output
Collision resistant — hard to find two different inputs with the same hash
Fixed output length — output length is constant regardless of input size

Common Hash Algorithms

MD5 — 128-bit output; fast but cryptographically broken. Use only for checksums, not security.
SHA-1 — 160-bit output; deprecated for security use since 2017.
SHA-256 — 256-bit output; current standard for secure applications.
SHA-512 — 512-bit output; higher security margin, used in password hashing.
bcrypt / Argon2 — purpose-built for password hashing; deliberately slow to resist brute force.

Common Uses

Password storage — store hashes, not plaintext passwords
File integrity — verify a downloaded file hasn't been tampered with
Digital signatures — sign the hash of a document, not the document itself
Data structures — hash tables use hash functions to map keys to storage locations
Blockchain — each block contains the hash of the previous block

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly: Open Hash Generator →

Frequently Asked Questions

Can you decrypt a hash?

No. Hashing is one-way. You cannot mathematically reverse it. However, common hashes can be looked up in precomputed rainbow tables, which is why passwords must be salted before hashing.

What is a hash collision?

A collision is when two different inputs produce the same hash. Cryptographic functions are designed to make this extremely hard to find intentionally. MD5 and SHA-1 have known practical collision attacks, which is why they are no longer trusted for security.

What is salting?

A salt is random data added to a password before hashing it. This ensures two identical passwords produce different hashes, defeating rainbow table attacks.

Related Terms

MD5 — The most widely known hash algorithm — now considered insecure.
SHA-256 — The current standard secure hash algorithm.
SSL/TLS — Uses hash functions as part of the handshake and certificate chain.