What a hash gives you
A cryptographic hash turns any input into a fixed-length fingerprint. The same input always gives the same digest, a one-character change scrambles the whole thing (the "avalanche" effect), and you can't run it backwards to recover the input. Output sizes:
| Algorithm | Output | Notes |
|---|---|---|
| SHA-256 | 64 hex chars (256-bit) | The sensible default today |
| SHA-512 | 128 hex chars (512-bit) | Larger digest, often faster on 64-bit |
| SHA-1 | 40 hex chars (160-bit) | Broken — checksums only, never security |
Gotcha — never hash passwords like this. Plain SHA is far too fast, which is exactly what an attacker wants. For passwords use a slow, salted algorithm built for it — bcrypt, scrypt or Argon2. SHA here is for checksums, fingerprints and integrity checks, not credential storage.
The avalanche effect, concretely
SHA-256 of hello begins 2cf24dba5fb0a30e…. Change one letter to Hello and the digest becomes 185f8db32271fe25… — completely different, with no resemblance to the first. One flipped input bit changes about half the output bits. That is what lets a hash detect the tiniest change to a file, and why you cannot work backwards from a digest to its input.
Hashing in different languages
# Command line
echo -n "hello" | sha256sum
# Python
import hashlib
hashlib.sha256(b"hello").hexdigest()
// JavaScript (browser)
const buf = await crypto.subtle.digest(
"SHA-256", new TextEncoder().encode("hello"));
const hex = [...new Uint8Array(buf)]
.map(b => b.toString(16).padStart(2, "0")).join("");What hashes are good for
- File integrity — compare a download's SHA-256 against the published checksum to confirm it was not corrupted or tampered with.
- Deduplication and caching — using a content hash as a key, so identical content maps to the same entry.
- Fingerprinting — telling whether two pieces of data are the same without comparing them byte by byte.
Why you can't just SHA a password
This is the mistake that leaks a million accounts at a time. SHA-256 was designed to be fast, and a modern GPU computes billions of them a second. Point that at a stolen table of SHA-256 password hashes and an attacker grinds through every common 8-character password in hours, not years. The speed that makes SHA great for checksums makes it useless for passwords.
Password hashing wants the opposite of fast: deliberately slow, memory-hungry, and salted. A salt is a random value stored next to each hash so two people with the same password still get different hashes, which kills the precomputed "rainbow tables" attackers keep on hand. You don't build this yourself — you use bcrypt, scrypt, or Argon2 (the current first choice), which bake in the salt and a tunable cost you can crank up as hardware gets faster. If you find sha256(password) anywhere near a login, treat it as a security bug, not a style preference.
HMAC: proving who sent something
A plain hash tells you a file hasn't changed. It can't tell you who produced it, because anyone can recompute it. HMAC closes that gap by folding a secret key into the hash, so only someone holding the key can generate a valid tag. It's everywhere once you look: webhook providers like Stripe and GitHub send a signature header you verify with HMAC-SHA256 to confirm the request really came from them, signed API requests use the same idea, and the HS256 flavour of a JWT is HMAC under the hood. Same SHA doing the work, plus a key — and that key is the entire difference between "this data is intact" and "this data came from someone I trust".
What's the difference between a hash and HMAC?
A plain hash verifies integrity — that data hasn't changed. HMAC mixes in a secret key, so it also proves authenticity: only someone with the key could have produced the tag. Webhook and API signatures use HMAC for exactly this reason.
Is a checksum like CRC32 the same as a cryptographic hash?
No. CRC32 and similar checksums catch accidental corruption (a flipped bit in transit) and are fast, but they're easy to forge deliberately. For anything where an attacker might tamper with the data, use a cryptographic hash like SHA-256.
What is a hash collision, and should I worry about it?
A collision is two different inputs with the same hash. For SHA-256 this is computationally infeasible to engineer, so it is safe for integrity checks. SHA-1 collisions, by contrast, have been demonstrated — another reason to avoid it for anything security-related.
Can I reverse a hash back to the text?
No. Hashing is one-way by design. "Decoders" online are just databases of pre-computed common inputs — they don't reverse the maths.
Where is the hashing done?
In your browser, via the built-in Web Crypto API. Your text isn't uploaded. (Hashing needs a secure https page, which this site is.)
Why no MD5?
The Web Crypto API doesn't provide MD5, and that's fine — MD5 is cryptographically broken. Use SHA-256 for anything new.