String Hash Generator

A cryptographic hash function takes an input of any length and produces a fixed-length output (digest). Properties: deterministic (same input → same output), fast to compute, preimage resistant (can't reverse the hash to get input), collision resistant (hard to find two inputs with the same hash), avalanche effect (small input change → completely different output). Common hash functions: MD5 (128-bit, broken for security), SHA-1 (160-bit, deprecated), SHA-256 (256-bit, widely used), SHA-512 (512-bit, strongest).

MD5 is cryptographically broken: collision attacks were demonstrated in 2004 (two different files can produce the same MD5 hash). In 2008, rogue CA certificates were generated using MD5 collisions, compromising HTTPS. MD5 should NOT be used for: passwords, digital signatures, or security-critical checksums. MD5 is still useful for: non-security checksums (file download verification where attackers can't modify the file), deduplication, hash tables. Use SHA-256 or SHA-512 for all security purposes.

Both are SHA-2 family members. SHA-256: 256-bit (32-byte) digest, uses 32-bit words, slightly faster on 32-bit CPUs. SHA-512: 512-bit (64-byte) digest, uses 64-bit words, faster on 64-bit CPUs due to wider word size, more resistant to length extension attacks. For web TLS: SHA-256 is standard. For Bitcoin: SHA-256 (double SHA-256). For password hashing: use Argon2 or bcrypt instead — SHA variants are too fast for password storage. SHA-384 is SHA-512 truncated to 384 bits.

File integrity verification: SHA-256 checksums on software downloads. Digital signatures: sign the hash of a document, not the document itself. Git commit IDs: SHA-1 (being migrated to SHA-256). Password storage: hash + salt (use bcrypt/Argon2, not raw SHA). HMAC: hash-based message authentication code — proves message authenticity. API request signing: HMAC-SHA256 to sign API requests (AWS SigV4). Content deduplication: identical files have the same hash. Cache keys in CDNs.

A salt is a random value added to input before hashing, preventing precomputed attacks (rainbow tables). Without salt: two users with password "password" have the same hash — one lookup reveals both. With salt: each password gets a unique random salt → unique hash. Format: $2b$12$saltsaltpasswordhash (bcrypt). Argon2: stores algorithm, version, parameters, salt, and hash together. Never use unsalted hashes for passwords — rainbow tables cover billions of common passwords.