A hash (cryptographic hash function) turns any data into a fixed-size “fingerprint” that can’t be reversed: you can’t recover the original from the hash. It’s used to verify integrity, identify content and, with the right functions, to store passwords safely.
What is a hash?
A hash function takes an input (text, file, etc.) and produces a fixed-length output (e.g. 64 hex characters for SHA-256). Same input → same hash every time. A tiny change in the input completely changes the result. There’s no “key” to “decrypt” the hash, so it doesn’t replace encryption when you need to recover the original data.
Use in integrity and signing
- File verification: you download a file and its published hash (e.g. SHA-256). You compute the file’s hash; if it matches, the file wasn’t altered in transit.
- APIs and cache: the hash of content can serve as an ETag or version id to see if something changed.
- Git, blockchain and protocols: they identify commits, blocks or messages by their hash.
SHA-256, SHA-384 or SHA-512 are the right choice for these uses. An online hash generator lets you compute the SHA of a text or a file, either to compare it with an expected value or to document checksums.
Passwords: don’t use plain SHA
Storing passwords in plain text is unacceptable. Storing only the SHA-256 of the password isn’t recommended either: SHA-256 is fast, so weak passwords can be tried at scale (rainbow tables, dictionaries). For passwords use slow functions with a salt: bcrypt, Argon2 or scrypt. The salt is a per-user random value that prevents two identical passwords from sharing the same hash and makes mass attacks harder.
In short: use hashes (SHA-256, etc.) for integrity, identification and signing; for passwords use bcrypt, Argon2 or scrypt—never a fast hash like SHA-256 alone without salt or iterations.