If you’ve ever stored a password online, you’ve already relied on hashing — even if you didn’t know it. Hashing in cryptography is a fundamental security tool that turns your data into a fixed-size, irreversible code.
In this guide, we’ll unpack what hashing is, how it works, why it’s used, and the risks you need to be aware of. We’ll even look at some Kotlin code so you can see it in action.
What Is Hashing in Cryptography?
Hashing in cryptography is the process of taking any piece of data — like text, files, or numbers — and running it through a special algorithm (called a hash function) to produce a fixed-size string of characters known as a hash value or digest.
A good cryptographic hash function has four main properties:
- Deterministic — The same input will always produce the same hash.
- Fast computation — It should generate the hash quickly.
- Irreversible — You cannot reconstruct the original data from the hash.
- Collision resistance — Two different inputs shouldn’t produce the same hash.
How Hash Functions Work
Imagine hashing as a digital fingerprint for data. You input a file or message, and out pops a unique fingerprint (the hash). Even the slightest tweak to the input radically alters the fingerprint, making it easy to detect unauthorized changes.
The hash function processes input in blocks, compresses data, and applies complex transformations to generate the fixed-length hash. Popular algorithms include SHA-256, SHA-512, MD5 (though this is now weak and not recommended), and newer schemes like SHA-3.
Why Use Hashing in Cryptography?
Here’s where hashing shines:
- Password storage — Websites store hashed passwords instead of plain text.
- Data integrity checks — Verifying that files haven’t been altered.
- Digital signatures — Ensuring authenticity and non-repudiation.
- Blockchain — Securing and linking blocks of transactions.
A Kotlin Example: SHA-256 Hashing
Let’s write a simple Kotlin program that hashes a string using SHA-256.
import java.security.MessageDigest
fun hashSHA256(input: String): String {
// Create a MessageDigest instance for SHA-256
val bytes = MessageDigest.getInstance("SHA-256")
.digest(input.toByteArray())
// Convert the byte array to a readable hex string
return bytes.joinToString("") { "%02x".format(it) }
}
fun main() {
val text = "Hello, Hashing!"
val hashValue = hashSHA256(text)
println("Original Text: $text")
println("SHA-256 Hash: $hashValue")
}Here,
MessageDigest.getInstance("SHA-256")
This creates an object that can compute SHA-256 hashes..digest(input.toByteArray())
Converts the string into bytes and hashes it.joinToString("") { "%02x".format(it) }
Formats each byte into a two-character hexadecimal string and joins them into one long hash.
When you run this code, you’ll see a 64-character hexadecimal string — the SHA-256 hash of "Hello, Hashing!".
Risks and Limitations of Hashing
Hashing is powerful, but it’s not bulletproof.
- Collision attacks — Rare but possible; two different inputs could produce the same hash.
- Rainbow tables — Precomputed tables that map hashes back to possible passwords.
- Brute force attacks — Trying every possible input until the hash matches.
Best practice: Always use hashing with salts (random data added to the input) for password storage to defend against rainbow tables.
Best Practices for Using Hashing in Cryptography
- Use proven algorithms (e.g., SHA-256, SHA-3, BLAKE2).
- For passwords, use slow, salted hash functions like bcrypt, scrypt, or Argon2.
- Never store plain text passwords.
- Regularly update to stronger hashing algorithms as standards evolve.
Conclusion
Hashing in cryptography is like a digital fingerprint system — simple in concept but critical for security. It ensures data integrity, safeguards passwords, and powers technologies like blockchain.
While hashing isn’t a silver bullet against every cyber threat, when implemented with modern algorithms and best practices, it’s one of the most reliable security layers we have.