What is a hash function, and why does TLS need one?
3 minbeginnerhashingsha-256integritycryptography
Quick Answer
A hash function takes any amount of input data and produces a fixed-size output called a hash (or digest). The same input always gives the same hash, but even a tiny change in the input gives a completely different hash. TLS uses hash functions like SHA-256 to detect if data was changed or corrupted in transit, and as a building block for digital signatures.
Detailed Answer
A hash function turns data of any size into a short, fixed-size fingerprint.
"Pay Alice $100" --[SHA-256]--> a1b2c3d4e5f6... (always 256 bits)
"Pay Alice $900" --[SHA-256]--> 9f8e7d6c5b4a... (completely different)
Key properties a good hash function must have:
- Deterministic — the same input always produces the same hash.
- Fixed size — the output length never changes, no matter how big the input is.
- One-way — you cannot work backward from the hash to recover the original input.
- Avalanche effect — changing even one character in the input changes the hash completely.
- Collision-resistant — it should be practically impossible to find two different inputs that produce the same hash.
SHA-256 (part of the SHA-2 family) is the hash function most commonly used in modern TLS. Older functions like MD5 and SHA-1 are considered broken and are no longer trusted.
TLS uses hashing for two main jobs:
- Integrity checks — making sure data was not changed or corrupted while it traveled over the network.
- Digital signatures — hashing is the first step in signing data, which the next question explains.