Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

1.4.2. Hashing and Integrity

šŸ’” First Principle: A hash function takes any input and produces a fixed-length output (the "digest") that acts like a digital fingerprint. The same input always produces the same hash, but even a tiny change in input produces a completely different hash. Hashing is a one-way function ā€” you can't reverse a hash to recover the original data.

Hashing solves the integrity problem. When you download a file, how do you know it hasn't been tampered with? The publisher provides a hash of the original file. You hash your downloaded copy and compare. If the hashes match, the file is intact. If they differ, something changed.

Key properties of cryptographic hash functions:

  • Deterministic ā€” same input always produces same output
  • One-way ā€” cannot reverse the hash to find the input
  • Collision-resistant ā€” extremely difficult to find two inputs that produce the same hash
  • Avalanche effect ā€” a tiny input change completely changes the output

Common algorithms: SHA-256 (current standard, 256-bit output), SHA-1 (deprecated, collision vulnerabilities found), MD5 (broken, not secure for cryptographic purposes but still used for non-security checksums).

Salting adds a random value to input before hashing, preventing attackers from using precomputed hash tables (rainbow tables) to crack passwords. Without salting, all users with the password "Password123" would have identical hashes in the database ā€” compromising one reveals all.

Digital signatures combine hashing with asymmetric encryption: hash the document, encrypt the hash with your private key. Anyone can decrypt with your public key to verify both integrity (hash matches) and authenticity (only your private key could have encrypted it). This provides non-repudiation ā€” the sender cannot deny having sent the message.

āš ļø Exam Trap: Hashing is NOT encryption. Encryption is reversible (you can decrypt). Hashing is one-way (you cannot "unhash"). The exam tests this distinction frequently. MD5 and SHA-1 are considered insecure for cryptographic purposes but may still appear in exam questions about legacy systems.

Reflection Question: A company stores user passwords as unsalted MD5 hashes. What specific attack does this enable, and what two changes would mitigate it?

Alvin Varughese
Written byAlvin Varughese
Founderā€¢15 professional certifications