What Is a Cryptographic Hash?

A hash function takes any input — a word, a sentence, a file — and produces a fixed-length string of characters called a hash or digest. The same input always produces the same hash, but even a tiny change in the input (one letter, one space) produces a completely different hash. And crucially, you cannot reverse a hash to get the original input — hashing is a one-way process.

This makes hashes incredibly useful for verifying data integrity, storing passwords securely, generating checksums, and signing digital documents without revealing the original content.

SHA-256, SHA-512, and MD5 — Which to Use?

• SHA-256 — Part of the SHA-2 family. Produces a 256-bit (64 character) hash. This is the current standard for security-sensitive use cases. Used in Bitcoin, TLS certificates, and file integrity verification. Recommended for most purposes.
• SHA-512 — Also SHA-2, but produces a 512-bit (128 character) hash. Slower but marginally stronger. Useful when extra collision resistance is needed for large files or high-security applications.
• MD5 — Produces a 128-bit (32 character) hash. Fast but cryptographically broken — do not use MD5 for security purposes. It is still widely used for non-security tasks like checking if a file download completed without corruption.

Practical Uses for Hash Generation

• File integrity: Hash a file before and after transfer to confirm nothing changed.
• Password storage: Databases store hashes of passwords, not the passwords themselves.
• Data deduplication: Hash files to find exact duplicates without comparing content byte by byte.
• API request signing: Hash request payloads to verify they were not tampered with in transit.
• Digital fingerprinting: Identify a specific version of a file or document uniquely.