Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
Cryptography – Post 1: Hashing Basics
I’ve recently started diving into cryptography — not from the headlines, but from the ground up.
I’m starting with hashing: what it is, how it works, and where it shows up in real systems.
What is Hashing?
Hashing is the process of turning any piece of data (text, password, file, etc.) into a fixed-length, irreversible string — called a hash or digest.
A good hash function has these properties:
- Deterministic → same input = same output
- One-way → you can’t go backwards
- Collision-resistant → it is infeasible to find two different inputs with the same output
- Fixed-size output → regardless of input length
Hashing vs. Encryption
Feature | Hashing | Encryption |
---|---|---|
Direction | One-way (irreversible) | Two-way (encrypt & decrypt) |
Output length | Fixed | Variable |
Main purpose | Verify, compare, fingerprint | Hide content from unauthorized access |
Examples | Password storage, checksums | Securing messages, files, etc. |
Basic Hashing in Python (SHA-256)
```python
import hashlib

msg = "hello world"
# SHA-256 works on bytes, so encode the string first
hashed = hashlib.sha256(msg.encode()).hexdigest()
print(hashed)
```
Output:
```
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
```
Even changing 1 character would give a completely different hash.
Where Is Hashing Used?
- Password storage – Instead of saving the password directly, you save only the hash of it. When the user logs in, hash their input and compare the result.
- File integrity checks – Sites often share SHA256 hashes of files. If your download has a different hash, it’s been tampered with.
- Digital signatures – Hashing ensures the data being signed is authentic and unchanged.
- Blockchain – Each block stores a hash of the previous block, linking the chain.
Not All Hash Functions Are Equal
Function | Length | Status |
---|---|---|
MD5 | 128-bit | Broken (collisions found) |
SHA-1 | 160-bit | Broken |
SHA-256 | 256-bit | Strong (used in Bitcoin) |
SHA-512 | 512-bit | Strong, longer |
Older functions like `md5` or `sha1` are not secure for passwords or sensitive data anymore.
Why Use Salt?
Even though hashing is irreversible, there’s still a risk:
If two people use the same password, their hashes will be identical — which helps attackers.
Solution: Add a unique salt (random string) to each password before hashing.
```python
import hashlib

password = "password123"
salt = "a8#r@9k*"  # example value; each password gets its own random salt
combined = password + salt
hashed = hashlib.sha256(combined.encode()).hexdigest()
```
Now even if two users have the same password, their hashes will differ.
Summary
- Hashing is NOT encryption — it’s a one-way transformation.
- It’s everywhere: login systems, downloads, blockchains.
- Strong algorithms like SHA-256 are essential.
- Salting is required for secure password hashing.
- Hashing is often the first step before doing more advanced cryptography like digital signatures or encryption.