Frequently Asked Questions
What is a hash function?
A cryptographic hash function takes an input of any length and produces a fixed-length output (the hash or digest). The same input always produces the same hash, but even a tiny change in the input produces a completely different hash. Hash functions are one-way — you cannot recover the original input from the hash alone.
MD5 vs SHA-256 — which should I use?
SHA-256 (and SHA-512) are recommended for security-sensitive applications such as password hashing, data integrity verification, and digital signatures. MD5 and SHA-1 are considered cryptographically broken and should not be used for security purposes. However, MD5 is still widely used for non-security tasks like checksums and cache keys where collision resistance is not required.
What is HMAC?
HMAC (Hash-based Message Authentication Code) combines a secret key with the hash function to produce a message authentication code. Unlike a plain hash, an HMAC can only be reproduced by someone who knows the secret key, making it useful for verifying both the integrity and the authenticity of a message.