Hashing converts data of any size into a fixed-length string (hash/digest) using a one-way function. The same input always produces the same hash, but you can't reverse a hash to get the original data. Used for password storage, data integrity verification, and data structures (hash tables).

How Hashing Works

Password storage: hash('mypassword') → '$2b$10$...' (bcrypt hash). Store the hash, never the password. On login, hash the attempt and compare. Even if the database leaks, attackers can't reverse the hashes; the best they can do is guess candidate passwords and hash each one, which bcrypt's slow work factor makes expensive. Bcrypt adds salt (random data) so identical passwords produce different hashes.

Key Concepts

  • One-Way Function — Cannot reverse a hash to get the original input — fundamental security property
  • Salt — Random data added before hashing — prevents rainbow table attacks on passwords
  • bcrypt/argon2 — Password-specific hashing algorithms with configurable work factors — slow by design to prevent brute force
  • SHA-256 — General-purpose hash for checksums and data integrity — not suitable for passwords (too fast)
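The two uses above (salted, slow password hashing from the "Password storage" paragraph, and a fast SHA-256 integrity check from the key concepts) as an added, self-contained example that is not part of the original page. It uses `hashlib.scrypt` from the Python standard library as a stand-in for bcrypt/argon2, since those need third-party packages; the work-factor values, the `scrypt$N$r$p$salt$digest` record format, and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work-factor parameters for scrypt (assumed values; a stdlib stand-in for
# bcrypt/argon2). Larger N means slower hashing and more memory per guess.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
DIGEST_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'scrypt$N$r$p$salt_hex$digest_hex'.

    A fresh random salt is drawn per password unless one is supplied, so two
    users with the same password get different records. The parameters are
    stored alongside the digest so they can be raised later without breaking
    verification of older records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N,
        r=SCRYPT_R,
        p=SCRYPT_P,
        dklen=DIGEST_BYTES,
    )
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash the login attempt with the stored salt/parameters and compare.

    Malformed records are treated as a failed login rather than an exception,
    and the comparison is constant-time so timing does not leak how many
    leading bytes matched.
    """
    try:
        algo, n, r, p, salt_hex, digest_hex = record.split("$")
        if algo != "scrypt":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.scrypt(
            password.encode("utf-8"),
            salt=salt,
            n=int(n),
            r=int(r),
            p=int(p),
            dklen=len(expected),
        )
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


def sha256_hex(data: bytes) -> str:
    """Fast general-purpose digest for checksums and integrity, not passwords."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    """Check downloaded/stored bytes against a published SHA-256 checksum."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("right password:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("Tr0ub4dor&3", record))
    print("garbage record:", verify_password("anything", "not-a-record"))
    print("SHA-256('abc') =", sha256_hex(b"abc"))
```

The password record stores its own salt and cost parameters, the same idea behind the `$2b$10$...` prefix in a bcrypt string: verification never needs a separate lookup, and the cost can be raised for new records as hardware gets faster. The checksum path uses plain SHA-256 because integrity checks want speed; that same speed is exactly why it is the wrong choice for the password path.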

Frequently Asked Questions

MD5 for passwords?

Never. MD5 is fast and has known collision vulnerabilities. Use bcrypt or argon2 for passwords — they're intentionally slow to prevent brute-force attacks.