Interested in hashing? You’ve come to the right place! Hashing.dev is an interactive hands-on tool for developers to work with hashing algorithms. Keep reading to learn more about hashing’s components and frequently asked questions.
Each hashing algorithm has a unique history and design. Some were created to support additional parameters that you can adjust to meet your security or computational needs. What parameters are available depends on exactly which hashing algorithm you choose to use.
Argon2 was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg. They released their specification paper on argon2 in 2015 and that same year won the Password Hashing Competition, organized by a global panel of security and cryptographic experts. In their paper, the designers state their motivation for creating argon2 was "to maximize the cost of password cracking" and that "passwords, despite all their drawbacks, remain the primary form of authentication."
Every hashing algorithm needs an input to hash. The input is usually a plain text string of varying lengths (like a password).
A string of characters that is appended or prepended to the input before it is hashed. A salt changes the hash value by increasing the length and complexity of the input. It is a common practice to help guard against rainbow tables and dictionary attacks. Argon2 automatically salts the input.
The number of bytes or HEX characters in the generated hash value.
How many times or iterations the algorithm’s hashing function will run. More cycles create a stronger hash but require more time to compute.
The number of concurrent threads, or degrees of parallelism, that the algorithm will utilize to compute the hash.
The amount of memory to be used in the hashing process. In the case of argon2, each thread will have a memory pool of this size.
Hashing is the use of mathematical functions to transform a set of values into a fixed-length output known as a hash or hash value. These hash functions, or hashing algorithms, have three key traits.
One: The process is irreversible. After the hash value is generated, there is no mathematical way to derive the input. As a result, hash values tend to resemble a completely random and unreadable string of characters.
Two: A hashing algorithm will always output the same hash value when given the same input. Hashing is a consistent and repeatable process. (Beware: some hashing algorithms, like bcrypt, have built-in salts, so you’ll see a different output hash value each time.)
Three: A hashing algorithm minimizes “collisions” as much as possible. Two different inputs should not generate the same hash value output.
It turns out hashing’s three traits make it a useful technique for all sorts of important things!
For security: Remember hashing’s irreversible behavior? Well, that makes hashing algorithms great for cryptography, because plain text goes in and an unreadable hash value comes out. Unlike ciphertext produced by encryption, that value cannot be decrypted back into the input. You can mask sensitive data like passwords and account IDs before storing them. This security use case is arguably one of hashing’s biggest strengths; but remember, with great power comes great responsibility.
For data integrity: Since it’s consistent and repeatable, hashing can ensure data integrity by comparison. For example, you have an important file. You want to guarantee the file’s contents are never changed or tampered with. So, you hash the file’s contents and save the hash value. To check on your file without opening it, you can hash the file again and compare the new hash value with the old one. If the hash values are identical, you can be sure the file hasn’t been altered.
For data management: Hash values can also be used as indexes to sort and quickly access your data.
SHA-1, SHA-256, MD5, argon2, scrypt, bcrypt... so many options! Each hashing algorithm has its unique qualities with tradeoffs. Some are stronger than others and some are faster than others. The answer depends on what you need hashing for.
For passwords, we recommend using argon2, bcrypt, or scrypt. Their configurable memory and cost parameters can increase computational strength to protect against possible attacks.