# More About Hashing **Published by:** [linux_fan](https://paragraph.com/@linux-fan/) **Published on:** 2023-04-28 **URL:** https://paragraph.com/@linux-fan/more-about-hashing ## Content Hashing can be a mysterious term for those who haven’t really seen it in action. But really all it is boils down to an algorithm which mathematically processes an input of data (usually a file) using complex math to output a fixed length hexadecimal output. The ideal goal of a hashing algorithm is to generate a different output for every possible permutation of input. This means that two identical files would generate the same output value, while a tiny change to one of them would then result in a different output. So to demonstrate, I ran a little test on my Linux computer. First I created a test-file (which in this case is simply a plain text document) in my home directory and saved the following text in it: This is a test file I then ran the following command to generate a SHA-2 hash of it: sha256sum test-file Which gave the following output: c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35 test-file I then copied the file to another location on my computer, the Downloads folder: cp test-file ./Downloads I then ran the SHA-2 algorithm on the copied file: sha256sum ./Downloads/test-file That created this output: c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35 ./Downloads/test-file Notice that the string of nonsensical hexadecimal output is precisely the same as the original test file, because all I changed was the location of the copied file, not the content. However, what if I change the content? I opened up the copied test-file and added a single character so that now the contents read as so: This is a test file. With the addition of a mere period, let’s see what the SHA-2 algorithm put out for this: 649b8b471e7d7bc175eec758a7006ac693c434c8297c07db15286788c837154a ./Downloads/test-file It’s a completely different output just from a very minor change to the file contents. Hashing algorithms aren’t perfect though. Researchers and hackers are always testing against their reliability and sometimes find critical errors. One such error is called a collision. This occurs when two different inputs can create the same hash outputs. Theoretically, that shouldn’t be possible, but the permutations of math behind the algorithms work in ways that rather few understand. Testing has found that certain algorithms, such as MD5 and SHA-1, have weaknesses such as creating collisions or being vulnerable to reverse engineering by powerful enough computation. Imperatively, one should not be able to decipher the original data from just having the hash value, but the hash value can be used to indirectly compare whether two inputs are the same or not without having to directly know what are the contents. This is essentially, in very simplified terms, the way verifying passwords works. When you log into a website or app, the service behind that login field doesn’t have your plain text password but rather a hash value of it. So when you enter your user name and password, the form runs the hash algorithm on what you entered for your password and then compares the output to what they have as your password hash. If they match, you go in; if not, it must be an incorrect password. So this is how they can verify without actually knowing your password. This is important because if the website were to store your plain text password and is hacked, the hacker could just log into whoever’s accounts for which they now have the full login details. The hashes aren’t as useful to the hacker as the passwords themselves. This is where an unfortunate quality of human nature helps the hacker. Even though the passwords are hashed, people generally suck at choosing good passwords. They often use inputs which are too short, too common, and too simple. This means they are easy to figure out by matching them to rainbow tables, which are lists of common passwords along with their corresponding hash values. This is why it’s important to pick passwords which are long, not actual words from the dictionary, and contain a good variety of non-patterned lowercase, capital, number, and special characters. Such passwords are hard to think up let alone remember, which is why most people don’t use them so well unless they leverage something like a password manager (highly recommended!) to generate and utilize long, randomly generated passwords which are all individually unique from your other passwords. How this all relates to cryptocurrencies goes back to my explanation of blockchains. When miners’ nodes calculate the hashes for new blocks of transactions, those outputs represent the actual content of the blockchain. So it is vitally important to be accurate and validated through consensus. This is why if a hacker tried to modify the contents of the block and submit a hash based on that, it would be different from what the legitimately acting nodes got and they’d reject the impostor. If you’d like to read more about cryptocurrencies and blockchains, check out my other posts and subscribe as I have lots of upcoming post topics to cover. Also please consider collecting this post (and any others of mine you read and like) to financially support this blog! ## Publication Information - [linux_fan](https://paragraph.com/@linux-fan/): Publication homepage - [All Posts](https://paragraph.com/@linux-fan/): More posts from this publication - [RSS Feed](https://api.paragraph.com/blogs/rss/@linux-fan): Subscribe to updates