Hash calculations act as one-way encryptions. You can easily calculate the hash value based on the input - but you can never calculate the input based on the hash value. It only works one way. You can of course try to guess the input with brute force attacks - but the input can never be calculated on the basis of the hash value, and you get no indication of whether you have guessed the input correctly or not.

This basic functionality also means that if you change even just one character in the input value, the hashed result will look completely different.

HASH calculation of random 'lorem ipsum' HASH calculation of 'AAAA' HASH calculation of 'AABA'

**Comparison of large amounts of data:**Because you can calculate hash values of data, and then just compare these hash values, rather than comparing all data byte-by-byte

**Message authentication:**Is the sender of a message who he/she claims to be, and has the message been tampered with? It is done quite simply by

- Sender and receiver agree to a [secret code]
- When the sender wants to send a [message], a hash value of [secret code] + [message] is calculated
- [Message] and hash value are sent to recipient (but
__not__the [secret code] - the [secret code] must always remain secret) - Receiver similarly calculates the hash value based on [secret code] + [message].
- This hash code calculated by the recipient must be identical to the hash code recieved by the sender
- If the two hash values are identical, then it is a fact that the sender knows the secret code and that the message has not been modified in any way. If the message had been changed, the recipient's hash calculation would have given a different result - and the comparison of the two sender hash values would fail.

**Simple one-way encryption (of, for example, passwords):**Rather than storing passwords as plain text in databases, files or the like, you can simply store a calculated hash value of the password. This ensures that the code is never available as readable plain text - and you can check people's passwords by simply doing the hash calculation on the password used at login, and then comparing it with the hash value you have stored on the user. If the hash values are the same, the user has entered the correct password.

**MD5:**Invented in 1991, as a replacement for the MD4 algorithm. Outputs 16 bytes. Not considered secure for encryption purposes.**SHA-1:**Invented in 1993, as part of a US Government project. Outputs 20 bytes. Not considered secure for encryption purposes.**SHA-3:**SHA256, SHA384 and SHA512 are variations on the same basic algorithm SHA-3. The algorithm was released in 2015. Considered safe.**RIPEMD-160:**From 1996, and is based on the same principle as the previous MD4 calculation. However, RIPEMD-160 has never been breached in security contexts.

**Collision attack:**Can you create the same hash result with two different input values? If so, you have a 'collision'.**Preimage attack:**Can you calculate backwards and calculate the input message based on the hash result?

MD5 and SHA-1 were both compromised in 2004 and 2005 respectively via collision attacks. This means, that neither of the two, computes uniq output when put under stress. It also means that using MD5 and SHA-1 to store e.g. passwords, several different passwords - ultimately - will cause invalid passwords to be approved, even though they are different, because the calculated hash value is identical.

Wikibooks, similarly, has a good article on attacks on hash algorithms.

These tools are still in active development. If you have any kind of feedback, please let me know. Send me an e-mail on iamrootdottech(a)gmail.com.