Hash Help & Guide

What is a Hash?

A hash function converts input data into a fixed-size output (digest). The same input always produces the same output, but the process is one-way—you can't reverse a hash to get the original data.

Common Hash Algorithms

• SHA-256: Most common, 256-bit output. Good for general use.
• SHA-384: 384-bit output. Good for longer security horizons.
• SHA-512: 512-bit output. Strongest SHA-2 variant.
• MD5: Legacy, 128-bit. Broken for security—only use for checksums.

Hash vs Encrypt

Hashing is one-way—you can't reverse it. Used for passwords, checksums.

Encryption is two-way—you can decrypt with a key. Used for机密数据.

Q: Is SHA-256 secure for passwords?

A: Not by itself. SHA-256 is fast, making it vulnerable to brute-force attacks. For passwords, use:

• Argon2 (recommended)
• bcrypt
• PBKDF2

These are designed to be slow and memory-intensive.

Q: How to verify file integrity?

A: Compare the hash of your downloaded file with the published hash:

# Generate hash
sha256sum file.zip

# Verify
echo "expected_hash  file.zip" | sha256sum -c

Q: Can two different files have the same hash?

A: Yes (collision). But with SHA-256, finding a collision would take supercomputers millions of years.

Choosing the Right Algorithm

• Passwords: Argon2, bcrypt, or PBKDF2
• File checksums: SHA-256 or SHA-512
• Digital signatures: SHA-256 or SHA-384
• Legacy compatibility: MD5 (only if needed, not for security)

Hash in Version Control

Git uses SHA-1 for commit identifiers. While SHA-1 is deprecated for security, Git's usage is not vulnerable to collision attacks due to how commits are structured.

Salt Your Passwords

Never store plain hashes. Always add a unique salt before hashing:

hash = SHA256(salt + password)