The digital fingerprint of cryptography. Learn how any piece of data, no matter the size, gets compressed into a fixed-length, unique identifier that's practically impossible to reverse.
Think of a hash function as a meat grinder for data. You put anything in (a password, a file, an entire book) and out comes a fixed-size “digest” that uniquely represents the original. But here's the catch: you can never turn the ground meat back into a steak.
The same input will always produce the exact same output. Hash "hello" a million times, you’ll always get the same digest.
Hashing even large files takes only microseconds. Speed is essential because these functions run billions of times a day across the internet.
Given a hash output, it’s computationally infeasible to find the original input. You can’t reverse the process.
Whether you hash a single byte or a terabyte, the output is always the same length. For example, 256 bits for SHA-256.
Type anything below and watch the hash change instantly. Notice how even a tiny change in the input produces a completely different output.
Type below to see the hash update in real time.
A cryptographic hash function must satisfy three essential security properties to be considered safe for use.
Given a hash output h, it should be computationally infeasible to find any input m such that hash(m) = h. You can’t reverse-engineer the original data.
Given an input m₁, it should be infeasible to find a different input m₂ that produces the same hash. Each input’s fingerprint is effectively unique.
It should be infeasible to find any two different inputs that produce the same hash output. This is the hardest property to achieve and the first to break.
Test the three security properties of SHA-256 yourself. Pick a challenge and see why these properties hold.
A secret word has been hashed with SHA-256. Can you figure out the original input from its hash alone?
One of the most fascinating properties: flipping a single bit in the input produces a radically different hash. This is called the avalanche effect.
See how two nearly identical inputs produce completely different hashes.
Hash functions are everywhere, silently protecting passwords, verifying downloads, and securing the internet.
Websites store hashes of your password, not the password itself. When you log in, they hash your input and compare.
Download a file and compare its hash to the published one. If they match, the file hasn’t been tampered with.
Every block contains the hash of the previous block, creating an unbreakable chain of trust.
Instead of signing an entire document, you sign its hash. Same security, far more efficient.