Introduction
In exploring the digital landscape, we should at least understand the basics of hashing, salts, and the algorithms that safeguard our digital identities. Being able to identify these algorithms is essential for anyone navigating the complexities of cybersecurity.
Hashing is a cryptographic process: a one-way function that transforms data into a non-reversible, fixed-length string, preserving its integrity and confidentiality. Hashing is therefore used to protect passwords. Because hashing is non-reversible, the original clear-text value cannot be computed back from a hash. It can only be recovered by someone who already knows it, or by intrusive techniques such as brute-forcing, where candidate values are hashed one after another until one matches.
It is important not to get hashing confused with encryption. Encryption is a completely different cryptographic venture that we will delve into in another article.
Hashing can also be used as a digital signature for files. This allows us to confirm the integrity of a file simply by checking its hash. Even the smallest modification to a file, like adding a single character, will completely change its hash.
root:~# cat file.txt
This is a test file.
root:~# md5sum file.txt
9e107d9d372bb6826bd81d3542a419d6 file.txt
root:~# echo "adding more text" >> file.txt
root:~# md5sum file.txt
2fbc90551f88c6b9b4a29a44f1df5552 file.txt
In the example above, additional text was added to file.txt and the hash was recalculated using md5sum. As you can see, the resulting hash is entirely different. Beyond verifying integrity, file signatures can also be used to identify known malicious files — sites like virustotal.com allow you to paste a hash to check if it matches any known malware.
Hashing Algorithms
At its core, a hashing algorithm is a precise set of mathematical instructions designed to transform raw data into a fixed-size, indecipherable string. This value uniquely represents the original input and is widely used for verification, authentication, and integrity checking.
MD5 — A fast, widely-used hashing algorithm that generates a 128-bit digest. Known for its speed but also for serious vulnerabilities due to collision attacks.
482c811da5d5b4bc6d497ffa98491e38
SHA1 — Generates a 160-bit digest. Still used in some digital signature schemes but is deprecated due to proven collision vulnerabilities.
40bd001563085fc35165329ea1ff5c5ecbdbbeef
SHA256 — A member of the SHA-2 family, produces a 256-bit digest and is currently one of the most secure and widely trusted hashing algorithms.
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
Some hash algorithms are vulnerable to a collision attack — a situation where two different inputs produce the same hash. MD5 and SHA1 are both susceptible to this and should not be used in secure applications. SHA256 is highly resistant to such attacks.
Hash Salts
In the realm of cybersecurity, hash salts are essential for defending against attacks such as rainbow tables. A salt is a random string that is added to the plaintext password before it’s hashed, resulting in a unique hash output even if multiple users have the same password.
Without a salt, identical passwords produce identical hashes — which makes it easy for attackers to use precomputed lookup tables. Salting passwords adds uniqueness and complexity, significantly increasing security.
Rainbow Tables
Rainbow tables are large precomputed databases of hash values mapped to their original plaintext inputs. They can be used to reverse known hashes if the original value exists in the table. A widely used and beginner-friendly example is crackstation.net, which allows users to check a hash against a massive lookup table of cracked values.
However, rainbow tables are only effective when dealing with unsalted hashes. Once a unique salt is applied, even identical plaintexts will produce different hashes — rendering precomputed tables useless and dramatically increasing the effort required to crack a password.
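The effect of salting on a lookup table, as an added example that is not part of the original post: two constructed users share a password, and a small constructed dictionary stands in for a precomputed table. It goes one step beyond the salt-then-hash scheme described above by using PBKDF2-HMAC-SHA256 for the salted records; the iteration count, the record layout and all names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware

# Constructed sample data: two users who picked the same password.
USERS = {"alice": "password", "bob": "password"}

# Constructed stand-in for a precomputed table: unsalted SHA256 -> plaintext.
LOOKUP = {hashlib.sha256(p.encode()).hexdigest(): p
          for p in ("123456", "password", "letmein")}


def unsalted(password):
    """Plain SHA256 of the password, as an unsalted store would keep it."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex' using a fresh 16-byte random salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, _ = record.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, record)


def table_hits(stored_hashes):
    """Return the plaintexts recovered by looking each stored hash up in LOOKUP."""
    return [LOOKUP[h] for h in stored_hashes if h in LOOKUP]


if __name__ == "__main__":
    plain = {u: unsalted(p) for u, p in USERS.items()}
    records = {u: hash_password(p) for u, p in USERS.items()}
    print("unsalted identical:", plain["alice"] == plain["bob"])
    print("unsalted recovered:", table_hits(plain.values()))
    print("salted identical:  ", records["alice"] == records["bob"])
    print("salted recovered:  ", table_hits(r.split("$")[1] for r in records.values()))
    print("login ok:", verify_password("password", records["alice"]))
```

The salt is stored next to the digest in clear text. It does not need to be secret, only unique per password, so that one precomputed table cannot cover every account.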
Computing Hashes
Linux systems come with built-in tools to calculate file or string hashes. These tools are often used for verifying downloads, checking file integrity, or auditing system changes.
# MD5 hash of a file
md5sum file.txt
# SHA1 hash of a file
sha1sum file.txt
# SHA256 hash of a file
sha256sum file.txt
# Hash a string directly
echo -n "random string" | md5sum
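The same integrity check as a script, added here as an example and not taken from the original post: it records SHA256 digests in the `digest  filename` layout the tools above print, then re-checks the files after one of them is modified. The file names, file contents and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(paths):
    """Return manifest text, one 'digest  filename' line per file."""
    return "".join(f"{sha256_file(p)}  {p}\n" for p in paths)


def check_manifest(manifest):
    """Return {path: 'OK' | 'FAILED' | 'MISSING'} for every manifest line."""
    results = {}
    for line in manifest.splitlines():
        expected, path = line.split(maxsplit=1)
        if not os.path.exists(path):
            results[path] = "MISSING"
        elif hmac.compare_digest(sha256_file(path), expected.lower()):
            results[path] = "OK"
        else:
            results[path] = "FAILED"
    return results


def demo():
    """Baseline two constructed files, append to one, return the check results."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, name) for name in ("file.txt", "notes.txt")]
        for path in paths:
            with open(path, "w") as fh:
                fh.write("This is a test file.\n")
        manifest = write_manifest(paths)
        with open(paths[0], "a") as fh:
            fh.write("adding more text\n")
        checked = check_manifest(manifest)
        return {os.path.basename(p): status for p, status in checked.items()}


if __name__ == "__main__":
    print(demo())
```

A manifest only detects tampering if it is stored where whoever can change the files cannot also rewrite it.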
Conclusion
Hashing is a foundational concept in cybersecurity, used for protecting passwords, verifying file integrity, and enabling cryptographic operations across nearly every modern system. Understanding how hashes work, where they’re applied, and how they can be broken is essential for both defenders and attackers alike.
Throughout this post, we’ve covered the key ideas behind hashing algorithms, hash salts, and the critical role they play in protecting data. We’ve also seen how attackers exploit weak hashing practices using techniques like rainbow tables, and how simple misconfigurations — such as unsalted hashes or weak algorithms — can lead to serious vulnerabilities.
If you’re pursuing a career in security, this is knowledge you’ll use constantly: whether you’re verifying malware signatures, cracking password dumps, or designing secure login systems. Keep exploring, experiment with tools like hashcat or John the Ripper, and always be thinking one step deeper than the default configuration.
Hashing may seem simple, but it sits at the core of modern cryptographic trust.