### Maybe now you’ll finally understand the name of our blog

Hashing is simply the practice of using an algorithm to map data of any length to a fixed-length output. It’s useful in a number of ways and plays a role in several different types of **encryption**. We’ve designed this article to help explain what hashing is and how it interacts with the encryption process.

## What is Hashing?

Hashing is mapping data of any length to a fixed-length output using an **algorithm**. Typically, the hashing algorithm most people know of is SHA-2 or SHA-256. That’s because it’s the current standard for SSL encryption.

The purpose of hashing is **authentication**. And to illustrate this, we’ll use an example.

Let’s say I’m sending you a message and you want to ensure that what you’re receiving is what I intended. Or to put it another way, you want to make sure that the message hasn’t been altered. To do this, I’m going to send you the message, then I’m going to send you a **hash value** and the **algorithm** I used to hash it. An algorithm is really just a set of steps or procedures. So I send you a message and the hash value. When you receive the message, you’re going to **re-hash** it to see what value it produces. If the values are the same, then the message hasn’t been tampered with.

Keep in mind, no two pieces of data can produce the same output. If they do, this is called a **collision** and the algorithm is deemed unsafe. Google did this in 2017 to prove that SHA-1 was unsafe. That’s why we now use SHA-2 (also known as SHA-256, for the length of its output – 256 characters long).

Hashing is essentially a **one-way function**. It’s technically possible, but at this point infeasible to reverse a hash.

## How is Hashing Used?

You’ll oftentimes find hashing used in conjunction with **Digital Signatures**. For instance, say I want to perform a code signing. The actual code is far too large for my private key to sign, so instead I’ll first hash the data and then sign it.

When a user downloads the code, it’s going to verify the **signature**, then it’s going to run the same hash function against the code to see if it produces the same hash value. Provided it does, everything checks out and you’re good to go. If not, you know something has happened to the software and the download is aborted.

If you’re interested in learning more about hashing, or staying up-to-date on industry trends, subscribe to our blog Hashed Out.