Hash Functions: MD5 to SHA-256 Guide

A hash function takes an input (message) of any size and produces a fixed-size output (hash, digest, or fingerprint). Key properties: • Deterministic: Same input always produces the same output • Fast to compute: Hashing should be quick even for large inputs • One-way: Computationally infeasible to reverse • Avalanche effect: Small input changes produce dramatically different outputs • Collision resistant: Hard to find two inputs that produce the same hash Simple example: Input: "Hello World" SHA-256 hash: a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e Input: "Hello World!" (just added !) SHA-256 hash: 7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069 Notice how completely different the hashes are despite the inputs being nearly identical.

MD5 (1991) • Output: 128 bits (32 hex characters) • Status: BROKEN - Do not use for security • Still used for: Non-security checksums, fingerprinting • Collisions: Found in 2004, practical attacks exist SHA-1 (1995) • Output: 160 bits (40 hex characters) • Status: DEPRECATED - Avoid for new systems • Collision found in 2017 (SHAttered attack) • Legacy systems may still use it SHA-256 (SHA-2 family, 2001) • Output: 256 bits (64 hex characters) • Status: SECURE - Recommended for most uses • Part of SHA-2 family (includes SHA-224, SHA-384, SHA-512) • Used in Bitcoin, TLS certificates, many security protocols SHA-3 (2015) • Output: 224-512 bits (configurable) • Status: SECURE - Latest standard • Different internal design than SHA-2 (Keccak algorithm) • Good as a backup if SHA-2 ever broken BLAKE2/BLAKE3 • Modern, very fast algorithms • Secure alternative to SHA-2/SHA-3 • Popular in cryptocurrency and file hashing

Regular hash functions are NOT suitable for password hashing! They're designed to be fast, but for passwords, we want slow. Why slow is good for passwords: • Attackers can try billions of SHA-256 hashes per second • With slow password hashes, they might try only thousands • This dramatically increases the cost of brute-force attacks Password-specific algorithms: bcrypt (1999) • Configurable work factor (slows down over time) • Built-in salt • Widely supported, battle-tested • Recommended for most applications Argon2 (2015) • Password Hashing Competition winner • Memory-hard (defeats GPU attacks) • Three variants: Argon2d, Argon2i, Argon2id • Best choice for new systems scrypt (2009) • Memory-hard design • Used by some cryptocurrencies • More complex to configure than bcrypt NEVER use: MD5, SHA-1, SHA-256, or any fast hash for passwords!

File integrity verification: • Download sites show SHA-256 checksums • Compare your computed hash with the published one • Detects corrupted or tampered files Digital signatures: • Hash the document first, then sign the hash • Faster than signing the entire document • Hash ensures any change invalidates the signature Data structures: • Hash tables use hashes for fast lookups • Git uses SHA-1 to identify commits (moving to SHA-256) • Blockchain uses hashes for block linking Password storage: • Store hash, not the actual password • Verify by hashing the input and comparing • Even if database is leaked, passwords aren't revealed Message authentication (HMAC): • Combines hash with a secret key • Verifies both integrity and authenticity • Used in API authentication, session tokens Deduplication: • Hash file contents to identify duplicates • Storage systems use this to save space • Cloud sync uses it to detect changes

Salt: • Random data added to each password before hashing • Stored alongside the hash • Prevents rainbow table attacks • Makes identical passwords have different hashes Example with salt: Password: "password123" Salt: "x7Kj9mP2" Hash input: "x7Kj9mP2password123" Result: Unique hash even if someone else uses "password123" Pepper: • Secret value added to all passwords • NOT stored in the database (kept in application config) • Adds extra layer if database is compromised • Less common than salt, but adds defense-in-depth Key stretching: • Running the hash function many times • Makes brute-force attacks slower • bcrypt and Argon2 include this automatically Best practice: • Use a purpose-built password hashing library • Never implement your own password hashing • Let the library handle salt generation and storage

Collision attacks: • Finding two inputs with the same hash • Practical for MD5 and SHA-1 • Defense: Use SHA-256 or newer Preimage attacks: • Finding an input that produces a specific hash • Much harder than collision attacks • No practical attacks on any current standard hash Rainbow tables: • Precomputed tables of hash → password mappings • Defense: Always use salt Brute force: • Try all possible inputs • For passwords: Use slow hash functions (bcrypt, Argon2) • For files: Infeasible due to input size Length extension attacks: • Possible with some hash constructions • Defense: Use HMAC instead of plain hashing for authentication Timing attacks: • Comparing hashes byte-by-byte leaks information • Defense: Use constant-time comparison functions