What is a hash function, and why does TLS need one?

3 minbeginnerhashingsha-256integritycryptography

Quick Answer

A hash function takes any amount of input data and produces a fixed-size output called a hash (or digest). The same input always gives the same hash, but even a tiny change in the input gives a completely different hash. TLS uses hash functions like SHA-256 to detect if data was changed or corrupted in transit, and as a building block for digital signatures.

Detailed Answer

A hash function turns data of any size into a short, fixed-size fingerprint.

"Pay Alice $100"   --[SHA-256]-->  a1b2c3d4e5f6...  (always 256 bits)
"Pay Alice $900"   --[SHA-256]-->  9f8e7d6c5b4a...  (completely different)

Key properties a good hash function must have:

  • Deterministic — the same input always produces the same hash.
  • Fixed size — the output length never changes, no matter how big the input is.
  • One-way — you cannot work backward from the hash to recover the original input.
  • Avalanche effect — changing even one character in the input changes the hash completely.
  • Collision-resistant — it should be practically impossible to find two different inputs that produce the same hash.

SHA-256 (part of the SHA-2 family) is the hash function most commonly used in modern TLS. Older functions like MD5 and SHA-1 are considered broken and are no longer trusted.

TLS uses hashing for two main jobs:

  1. Integrity checks — making sure data was not changed or corrupted while it traveled over the network.
  2. Digital signatures — hashing is the first step in signing data, which the next question explains.

Related Resources