Hash Algorithms: From SHA-256 to Password Storage
How hash functions work, the SHA family, real-world uses, and security pitfalls every developer should know.
No sane developer stores passwords in plaintext. You run them through a hash function so the original value becomes unrecoverable. But hashing goes way beyond passwords. Blockchain runs on it. Git identifies commits with it. File downloads use it for integrity checks. It's everywhere once you start looking.
What a Hash Function Does
A hash function takes input data and produces a fixed-length output. That output goes by several names: hash, digest, checksum.
A few properties make hash functions useful:
Deterministic — Same input, same output, every time. Feed "hello" into SHA-256 and you always get 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824.
One-way — You can't reverse-engineer the input from the hash. At least not in any practical sense.
Avalanche effect — Change one bit of input and the output changes completely. "hello" and "hellp" produce entirely different hashes.
Collision resistance — It should be extremely hard to find two different inputs that produce the same hash.
The SHA Family
SHA (Secure Hash Algorithm) is a set of hash functions designed by the NSA and standardized by NIST.
SHA-1
Produces a 160-bit (40 hex character) output. Git commit hashes are SHA-1. But in 2017, Google demonstrated a practical collision — two different PDF files with the same SHA-1 hash. Since then, SHA-1 has been deprecated for security purposes.
SHA-256
256-bit (64 hex character) output. The most widely used hash function today. Bitcoin mining is SHA-256 based. SSL/TLS certificates, software signing, and most security-related hashing rely on it.
SHA-384 / SHA-512
Longer output. SHA-512 can actually be faster than SHA-256 on 64-bit processors because it was designed around 64-bit operations.
SHA-3
Based on the Keccak algorithm. Completely different internal structure from SHA-2. It exists as a backup standard in case SHA-2 is ever broken. SHA-2 remains secure though, so SHA-3 adoption is still low.
Hashing vs Encryption
These are fundamentally different operations. Mixing them up is a common mistake.
| Hashing | Encryption | |
|---|---|---|
| Direction | One-way (irreversible) | Two-way (decrypt with key) |
| Purpose | Integrity verification, identification | Confidentiality |
| Key required | No | Yes |
| Examples | SHA-256, bcrypt | AES, RSA |
Saying "encrypted with a hash" is technically wrong. Hashing is not encryption.
Real-World Uses
Password Storage
Hash the password, store the hash. If the database leaks, the plaintext passwords stay hidden. But plain SHA-256 isn't enough.
Problem 1: Rainbow tables. Pre-computed tables mapping common passwords to their SHA-256 hashes exist. "password123" can be looked up instantly.
Solution: Salt. Append a random string to the password before hashing. Same password with different salts produces different hashes.
Problem 2: Speed. SHA-256 is fast. For passwords, that's a weakness. Attackers can try billions of hashes per second.
Solution: bcrypt, scrypt, Argon2. These are intentionally slow hash functions. Argon2 is the current recommendation. For passwords, always use a dedicated password hashing function — never raw SHA-256.
File Integrity Verification
When you download software, the provided SHA-256 checksum lets you verify the file wasn't tampered with. Compute the hash of your downloaded file and compare it to the official one.
# Linux/macOS
sha256sum downloaded-file.iso
# or
shasum -a 256 downloaded-file.iso
# Windows PowerShell
Get-FileHash downloaded-file.iso -Algorithm SHA256
Package managers work the same way. npm stores SHA-512 hashes in package-lock.json under the integrity field. If someone tampers with a package, the hash won't match and installation fails.
Git
Every Git object (commit, tree, blob) is identified by its SHA-1 hash. A commit hash like a1b2c3d is the SHA-1 of that commit's content — the changes, author, timestamp, parent commit, and so on. Change a single byte and the hash changes, which guarantees commit integrity.
# Similar to what Git does internally
echo -n "blob 5\0hello" | sha1sum
# ce013625030ba8dba906f756967f9e9ca394464a
Git is in the process of transitioning to SHA-256 due to practical SHA-1 collision attacks. You can already create SHA-256 repositories with git init --object-format=sha256, though it's still experimental.
Blockchain
Bitcoin's Proof of Work is essentially a brute-force search for a SHA-256 hash that starts with a certain number of zeros. Because of how hashes work, you can't predict the output — you just have to keep trying different inputs. That's what mining is, and why it requires massive computational resources.
HMAC
HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to create a message authentication code. It's used to verify that API requests haven't been tampered with. AWS API signing and GitHub webhook verification both use HMAC-SHA256.
Why MD5 Is Dead
MD5 produces a 128-bit hash and dates back to 1991. Collisions were found in 2004, and eventually it became possible to generate them on a laptop. MD5 is completely retired from security use. You'll still see it used for non-security checksums (like quick file comparison), but never use it where security matters.
There's a famous demonstration where researchers created two different images with identical MD5 hashes. It really drives home why hash collisions are dangerous.
Hashing in Code
Most languages make hash computation trivial.
// Node.js
const crypto = require("crypto");
const hash = crypto.createHash("sha256").update("hello").digest("hex");
// 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
# Python
import hashlib
h = hashlib.sha256(b"hello").hexdigest()
# CLI
echo -n "hello" | sha256sum
The -n flag in echo -n matters. Without it, a newline character gets included and you get a completely different hash. It's a surprisingly common mistake.
If you want a quick way to check hashes in the browser, try the Hash Generator. Enter text and see MD5, SHA-1, SHA-256, and SHA-512 outputs side by side.
Picking the Right Hash
Here's a quick cheat sheet:
- Password storage: Argon2 or bcrypt. Do not use SHA.
- File integrity: SHA-256 is standard. For speed-critical non-security cases, xxHash or BLAKE3 work well
- Data structures (hash maps, etc.): Your language runtime's built-in hash is fine. Security isn't relevant here
- Digital signatures, certificates: SHA-256 or higher
- Fast checksums: CRC32, xxHash. Only when security doesn't matter
Mixing up the use cases is where things go wrong. "A hash is a hash, right?" — that kind of thinking leads to storing passwords with SHA-256. Hash algorithms are tools in a toolbox. Don't use a hammer on screws.