What Is a Hash? SHA-256 and Friends, Explained Simply
2026-06-03 · 5 min read
Hashes power downloads verification, password storage, and blockchains. Here is what they are, in plain terms.
A cryptographic hash function takes input of any size and produces a fixed-length string called a digest. The same input always yields the same digest, but you cannot work backwards from the digest to the input.
Key properties
- Deterministic — the same input always gives the same hash.
- One-way — you cannot reverse a hash to recover the original.
- Avalanche effect — changing one character changes the entire digest.
- Collision-resistant — it is infeasible to find two inputs with the same hash.
What SHA-256 is used for
SHA-256 (part of the SHA-2 family) verifies file downloads, signs certificates, secures Bitcoin, and underpins many security protocols. SHA-384 and SHA-512 produce longer digests for higher security margins.
Why not MD5 or SHA-1?
MD5 and SHA-1 are broken — researchers can produce collisions — so they should not be used for security. Prefer SHA-256 or stronger for anything that matters.
Hashing is not encryption. Encryption is reversible with a key; hashing is intentionally one-way. Never use a hash to "hide" data you need to read back.
Generate a hash privately
The Hash Generator computes SHA-1, SHA-256, SHA-384, and SHA-512 with the browser's built-in Web Crypto API, so your input never leaves your device.