What is a hash function, and what three properties does a good cryptographic hash have?
A hash function is a one-way mathematical mangler — it takes any input and produces a fixed-size, deterministic, irreversible fingerprint.
* Password-storage login check: recompute the salted hash and compare. *
* A hash maps any input to a fixed-length digest. — Jorge Stolfi, Public domain, via Wikimedia Commons. *
The three core properties:
-
One-way (Einwegfunktion): Easy to compute hash from input, computationally infeasible to recover input from hash. You can hash
Hello→185f8db32...instantly, but going backwards requires brute force. -
Uniqueness / Avalanche (Einzigartigkeit): Every distinct input produces a distinct output, and tiny changes cause completely different hashes:
Hello→185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969hello→2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
-
Fixed length (Feste Länge): Output size is constant regardless of input. SHA-256 always produces 256 bits, whether the input is a single character or a 10GB file.
Why this is perfect for password storage:
- Server stores
hash(password), not the password itself - On login: compute
hash(typed_password)and compare - If the database leaks → attacker has hashes, not passwords
- One-wayness means they must brute-force to recover them
Try it: https://emn178.github.io/online-tools/sha256.html — experiment with the avalanche effect.
Go deeper:
Cryptographic hash function (Wikipedia) — preimage, second-preimage and collision resistance.