Complete Hashing Guide

Everything you need to know about cryptographic hash functions for developers.

Cryptographic hashing is a fundamental technique in computer security that transforms data of any size into a fixed-length character string. Hashes are one-way: you cannot reverse a hash back to the original input, which makes them ideal for verifying integrity and storing passwords.

MD5 was widely used but is now considered insecure for cryptographic applications because of collision vulnerabilities. SHA-256 is the modern standard, producing 256-bit hashes that are collision-resistant.

For storing passwords, SHA-256 alone is not sufficient: use PBKDF2, bcrypt, or Argon2, which add a salt and multiple iterations to protect against brute-force attacks and rainbow tables. A salt is a random value, unique per password, that prevents attackers from precomputing hashes. Rainbow tables are precomputed databases of common hashes that allow attackers to crack unsalted password hashes.

MD5 remains useful for verifying non-critical file integrity, generating unique identifiers, and comparing large datasets, but never for sensitive data or passwords.

Real-world use cases

  • Verify the integrity of downloaded files by comparing their hash with the one provided by the developer
  • Store passwords securely in databases using PBKDF2 with SHA-256 and a per-password salt
  • Generate unique identifiers for sessions, caches, or distributed primary keys
  • Detect unauthorized changes in configuration files or source code
  • Digitally sign documents for subsequent authenticity verification
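
The password-storage use case above, as an added example that is not code from this guide: unsalted SHA-256 beside salted PBKDF2-HMAC-SHA256 with constant-time verification. The record format, function names and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: example work factor, tune it for your hardware
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"  # assumption: label used in this example's record format


def unsalted_sha256(password: str) -> str:
    """Weak 'before' form: the same password always yields the same digest,
    so a precomputed (rainbow) table can be used against it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        algo, iter_s, salt_hex, hash_hex = record.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed or truncated record
    if algo != ALGO or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Unsalted: two users with the same password share one digest.
    print("unsalted digests equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    # Salted: the same password produces two different records.
    a, b = hash_password(pw), hash_password(pw)
    print("salted records differ:", a != b)
    print("correct password verifies:", verify_password(pw, a))
    print("wrong password rejected:", not verify_password("wrong", a))
```

Storing the iteration count in each record lets you raise the work factor later and re-hash a user's password at their next successful login.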

Available hashing tools