Security
Hashing
A one-way function mapping data to a fixed-size digest that cannot be reversed — used to verify integrity and to store passwords. Passwords need slow, salted hashes such as bcrypt, argon2 or scrypt to resist brute force; fast hashes like SHA-256 or MD5 are the wrong tool for them. Unlike encryption, hashing is deliberately irreversible.
Purpose
A hash function maps any input to a fixed-size digest, one-way: easy to compute, infeasible to reverse, and any change to the input changes the output completely. Unlike encryption there is no key and no decryption — that irreversibility is the point.
When to Use It
Integrity checks (does this file match its checksum?), content addressing (git commits, cache keys, deduplication) and — with special care — password storage: you store the hash, and login re-hashes the attempt and compares.
Trade-offs
The password subtlety: general-purpose hashes (SHA-256, and the broken MD5/SHA-1) are deliberately fast, which lets attackers try billions of guesses per second offline. Passwords need deliberately slow, salted, memory-hard functions. Speed is a feature for checksums and an outright vulnerability for credentials.
Implementation
For passwords: argon2id (or bcrypt/scrypt), with a unique salt per password — the library handles it — and a cost factor tuned as hardware improves. For integrity and addressing: SHA-256. Compare secrets with constant-time functions, and never truncate or reuse a hash where collisions matter.