Hash Functions#
Reference of hash functions by category with operator-relevant notes on what each one is used for, what’s safe to deploy in 2026, and what’s deprecated. For wider cryptographic coverage see Cryptographic Primitives. For the daily tradecraft of running hashes on Linux see Hashing.
A hash function maps arbitrary-length input to a fixed-length (or extendable) output. The categories below cluster by what the operator does with them, not by mathematical construction.
General-purpose cryptographic hashes#
Collision-resistant, pre-image-resistant, fast enough for files and TLS, slow enough to make adversarial forgery infeasible. The operator reaches for SHA-256 first; everything else is justified by interop or performance constraints.
Algorithm |
Digest size |
Used for |
Notes |
|---|---|---|---|
SHA-256 |
256 bit |
File integrity, code signing, TLS / X.509, blockchains, container image digests |
FIPS 180-4; the universal default in 2026 |
SHA-384 |
384 bit |
CNSA-2.0 TLS profiles, NSA Suite B |
FIPS 180-4 |
SHA-512 |
512 bit |
High-throughput integrity on 64-bit hardware, password-hash inputs |
FIPS 180-4; faster than SHA-256 on amd64 / arm64 |
SHA-224 |
224 bit |
Smaller variant; rare in modern use |
FIPS 180-4 |
SHA-512/224, SHA-512/256 |
224, 256 bit |
SHA-512 truncated; outruns SHA-256 on 64-bit |
FIPS 180-4 |
SHA3-224, 256, 384, 512 |
224 / 256 / 384 / 512 bit |
TLS, certs, conservative post-quantum-curious deployments |
FIPS 202; Keccak sponge construction |
SHAKE128, SHAKE256 |
extendable-output (XOF) |
KDF inputs, stateless signatures (XMSS, SPHINCS+), arbitrary-length digests |
FIPS 202; SHA-3 family |
BLAKE2b |
up to 512 bit |
Content-addressed storage, fast file integrity, IPFS, Argon2 core |
RFC 7693; ~3x faster than SHA-256 in software |
BLAKE2s |
up to 256 bit |
Constrained / 32-bit devices |
RFC 7693 |
BLAKE3 |
256 bit (extendable) |
Parallel tree-hashing, content addressing, dedup, KDF |
Fastest mainstream cryptographic hash; tree-parallel; |
RIPEMD-160 |
160 bit |
Bitcoin / Ethereum address derivation, BIP32 |
Legacy outside cryptocurrency |
Whirlpool |
512 bit |
Specialty / interop; rare |
ISO/IEC 10118-3 |
SM3 |
256 bit |
Chinese national standard; required in CN compliance |
GB/T 32905; in CN-issued certs |
Streebog (GOST R 34.11-2012) |
256, 512 bit |
Russian national standard |
ISO/IEC 10118-3 |
Legacy and broken hashes#
Collision-broken. Still seen in the wild for non-security checksums and legacy protocols. The operator recognises them and refuses them for anything adversarial.
Algorithm |
Digest size |
Status |
Where it still shows up |
|---|---|---|---|
MD5 |
128 bit |
Collision-broken since 2004 |
Non-crypto checksums, file dedup, legacy interop, package manifests |
SHA-1 |
160 bit |
Collision-broken (SHAttered 2017, Shambles 2020) |
Git object IDs (migrating to SHA-256), legacy TLS certs (deprecated) |
MD4 |
128 bit |
Broken |
NTLM, rsync rolling checksum, legacy eDonkey |
MD2 |
128 bit |
Broken |
1990s X.509 certs only |
RIPEMD-128 |
128 bit |
Digest too small |
Avoid |
Tiger |
192 bit |
Old, narrow review |
ED2K, eDonkey-era P2P |
HAVAL |
variable |
Broken |
Defunct |
Keyed hashes and MACs#
Authenticate content against a secret, not just a public digest. Pair with a transport (HMAC over a JWT) or a cipher (Poly1305 over ChaCha20).
Algorithm |
Construction |
Used for |
Notes |
|---|---|---|---|
HMAC-SHA-256 |
Hash-based MAC |
AWS SigV4, JWT HS256, IPsec, TLS PRF, webhook signing |
RFC 2104; the daily workhorse |
HMAC-SHA-512 |
Hash-based MAC |
High-security MAC, BIP32 (Bitcoin) HD key derivation |
RFC 2104 |
HMAC-SHA-1 |
Hash-based MAC |
OAuth 1, RFC 6238 TOTP, RFC 4226 HOTP |
Acceptable; SHA-1 collisions do not break HMAC |
HMAC-MD5 |
Hash-based MAC |
Legacy IPsec, RADIUS |
Acceptable for MAC; deprecated direction |
Poly1305 |
One-time MAC |
TLS 1.3 (ChaCha20-Poly1305), IKEv2, WireGuard, Signal |
RFC 8439; key used once, paired with a cipher |
GMAC |
AES-GCM tag-only |
AEAD authentication when no payload encryption is needed |
NIST SP 800-38D |
KMAC |
Keccak-based MAC |
SHA-3-family MAC |
NIST SP 800-185 |
CMAC (OMAC1) |
AES block-cipher MAC |
Constrained devices, NIST SP 800-38B |
Block-cipher-based MAC |
SipHash-2-4 |
Short-input PRF |
DoS-resistant hash-table keying |
Inside Python dict, Rust HashMap, Linux kernel |
Password hashes and KDFs#
Slow on purpose. Different problem from file integrity; the
operator uses these for /etc/shadow-style password storage,
PAKE protocols, and key derivation from user secrets. Argon2id is
the 2026 default; PBKDF2 lingers only where FIPS or compliance
requires it.
Algorithm |
Hardness model |
Used for |
Notes |
|---|---|---|---|
Argon2id |
Memory-hard |
New password storage, KDF for symmetric keys |
RFC 9106; the operator’s default in 2026 |
Argon2i, Argon2d |
Memory-hard |
Specialized variants (side-channel vs GPU resistance) |
RFC 9106 |
scrypt |
Memory-hard |
Older but solid; Tarsnap, LTC, password storage |
RFC 7914 |
bcrypt |
Iteration-based |
Legacy password storage, ubiquitous in web frameworks |
Predates memory-hard era; 72-byte input cap |
PBKDF2 |
Iteration-based |
TLS 1.2 PSK, WPA2, FIPS-required deployments |
RFC 2898; weaker than memory-hard; required in some compliance regimes |
sha512crypt ($6$) |
Iteration-based |
Default |
glibc crypt; |
yescrypt ($y$) |
Memory-hard |
Default |
scrypt-derived; libxcrypt |
Balloon hashing |
Memory-hard |
Niche, formally verified deployments |
Provably memory-hard |
HKDF |
Extract-and-expand KDF |
TLS 1.3 key schedule, Signal, Noise, WireGuard |
RFC 5869; runs over a base hash, typically SHA-256 |
Blake3 KDF mode |
PRF-style KDF |
High-throughput key derivation from a context string |
Built into BLAKE3 |
Non-cryptographic hashes#
Fast, not collision-resistant against an adversary, but cheap and good enough for hash tables, sharding, checksumming, dedup, and sampling. The operator who uses one of these for an integrity check against a motivated attacker has misused it.
Algorithm |
Output |
Used for |
Notes |
|---|---|---|---|
CRC32 (POSIX) |
32 bit |
Ethernet, TLS record integrity, zlib, gzip footers |
Detects bit flips, not tampering |
CRC32C (Castagnoli) |
32 bit |
iSCSI, ext4 metadata, SCTP, BTRFS |
Hardware-accelerated on amd64 / arm64 |
Adler-32 |
32 bit |
zlib stream header |
Faster than CRC32 |
Fletcher-32 |
32 bit |
ZFS metadata |
|
xxHash (XXH32, XXH64, XXH128, XXH3) |
32 / 64 / 128 bit |
File dedup, content-addressed cache keys, rsync, |
Fastest non-crypto family; |
MurmurHash3 |
32 / 128 bit |
Bloom filters, hash tables (Cassandra), tracing IDs |
Austin Appleby |
CityHash / FarmHash |
64 / 128 bit |
Google high-quality non-crypto |
FarmHash is the successor |
FNV-1a |
32 / 64 / 128 bit |
Tiny embedded hash tables |
Very simple, very fast |
Jenkins (lookup3) |
32 bit |
Bloom filters, hash tables |
Bob Jenkins |
SipHash-1-3 |
64 bit |
DoS-resistant hash-table keying (lighter than HMAC) |
Keyed; cheaper than full HMAC |
DJB2 |
32 bit |
String hashing in compilers, lexers |
Bernstein |
Merkle and tree hashes#
Aggregate a hash over many leaves so a single root authenticates the whole set. Inclusion proofs are O(log n). The operator sees these in cryptocurrencies, Git, Certificate Transparency, IPFS, and parallel hashing tools.
Construction |
Used for |
Notes |
|---|---|---|
Merkle tree |
Bitcoin block merkle root, Git tree objects, IPFS, Certificate Transparency, Apache Arrow |
O(log n) inclusion proof; binary tree of hashes |
Hash list |
rsync delta, BitTorrent piece hashes |
Flat list of per-chunk hashes |
Hash chain |
One-time auth (S/Key), blockchain block linking |
h(h(h(…x))); one-way |
Merkle-Damgård |
SHA-1, SHA-2 family internal construction |
Block-by-block compression with length-extension caveat |
Sponge |
SHA-3, BLAKE2 internal construction |
Absorb-and-squeeze; supports XOFs |
Tree mode (BLAKE3) |
Parallel hashing, partial verification, streaming |
Native to BLAKE3 |
Skein tree mode |
SHA-3 finalist |
Tree-mode for parallelism |
Verkle tree |
Ethereum-style state commitments |
Vector-commitment variant of Merkle; shorter proofs |
Locality-sensitive and similarity hashes#
Map similar inputs to similar (or identical) digests. The operator uses these for malware clustering, near-duplicate document detection, threat-intel correlation, and approximate nearest neighbor search.
Algorithm |
Output |
Used for |
Notes |
|---|---|---|---|
MinHash |
Bag of k 32-bit ints |
Jaccard similarity over sets, near-duplicate documents, plagiarism |
Used by Lucene, BigQuery dedup |
SimHash |
64-bit (typical) |
Near-duplicate web pages, document clustering |
Charikar 2002; Google web-crawl dedup |
TLSH (Trend Micro LSH) |
35-byte hex |
Malware similarity, threat-intel clustering |
OASIS standard |
ssdeep (CTPH) |
Variable |
Fuzzy file hashing, malware similarity |
Context-triggered piecewise hash; |
sdhash |
Bloom-filter-based |
Forensic similarity hashing |
Roussev |
mrsh-v2 |
Bloom-filter-based |
Forensic similarity, faster than sdhash |
|
LZJD |
Lempel-Ziv distance |
Malware similarity, robust to obfuscation |
|
vhash |
Variable |
Malware similarity in VirusTotal |
VT-proprietary |
Nilsimsa |
32-byte |
Anti-spam, near-duplicate email |
Older anti-spam pipelines |
p-stable LSH |
hash table buckets |
High-dimensional ANN search |
Datar et al. |
Perceptual hashes#
Robust to lossy transformations (resize, recompress, recolor). Used for content matching, moderation, CSAM detection, copyright enforcement.
Algorithm |
Modality |
Used for |
Notes |
|---|---|---|---|
aHash (average hash) |
Image |
Quick image similarity, baseline |
Trivial; fast |
dHash (difference hash) |
Image |
Image similarity |
Faster than pHash, often more accurate than aHash |
pHash (perceptual hash) |
Image |
Image similarity, dedup, copyright |
DCT-based; robust to scale and recompression |
wHash (wavelet hash) |
Image |
Image similarity |
Wavelet-based; more robust |
PhotoDNA |
Image |
CSAM detection (NCMEC, Microsoft) |
Proprietary |
PDQ |
Image |
CSAM detection (Meta) |
Open-source |
TMK+PDQF |
Video |
Content moderation (Meta) |
Keyframes (TMK) plus PDQ frame descriptors |
VideoHash |
Video |
Near-duplicate video |
Open-source |
Chromaprint (AcoustID) |
Audio |
Music ID, podcast ID |
Open-source |
Echoprint |
Audio |
Music identification |
Spotify-derived |
Shazam fingerprint |
Audio |
Music identification |
Proprietary |
PHashAudio |
Audio |
Audio similarity |
Same family as image pHash |
Geohashes and spatial encodings#
Encode latitude / longitude (and sometimes altitude) to a string or integer. Not cryptographic; designed for prefix-based proximity, indexing, and tiling. The operator uses these for geofencing, sharding by region, target plotting, and MGRS-style quick reference.
Encoding |
Output |
Used for |
Notes |
|---|---|---|---|
Geohash |
Base-32 string |
Redis GEO, Elasticsearch geohash agg, prefix-based proximity |
Niemeyer 2008; longer prefix means more precision |
S2 cells |
64-bit cell ID |
Google Maps, Foursquare, regional sharding |
Hilbert-curve hierarchy; well-defined cell levels |
H3 |
64-bit cell ID |
Uber dispatch, hex grids, ridesharing |
Hexagonal cells; uniform neighbourhood distance |
Plus Codes (Open Location Code) |
Alphanumeric |
Google Maps Plus Codes, postal alternative |
Google open standard |
Quadkeys |
Base-4 string |
Bing Maps, tile pyramids |
Microsoft tile system |
Maidenhead Locator |
Alphanumeric |
Amateur radio grid |
6-char square ~ 5 km |
What3Words |
3 dictionary words |
Consumer geocoding |
Proprietary; 3 m precision |
MGRS |
Alphanumeric grid |
NATO / US military grid reference |
The operator’s grid in IC / SOF context |
UTM |
Easting / northing pair |
Survey, GIS, plotting |
60 zones; basis for MGRS |
Distributed-system hashes#
Map keys to nodes, shards, or buckets. Cheap, deterministic, sometimes “consistent” so rebalancing moves O(K/N) keys instead of all of them.
Algorithm |
Used for |
Notes |
|---|---|---|
Consistent hashing (ring) |
Dynamo, Cassandra, Couchbase partitioning |
Re-shard moves O(K/N) keys |
Rendezvous (HRW) hashing |
Web caches, distributed K/V |
Often simpler and better than ring |
Jump consistent hash |
Sharded backends; Google |
Lamping and Veach 2014; very fast |
Maglev hashing |
Google L4 load balancer |
Bin-balanced consistent hash |
Ketama |
Memcached consistent hashing |
Last.fm; common in libmemcached clients |
Bloom filter |
Set membership tests with no false negatives |
Multiple hash functions; tunable false-positive rate |
Cuckoo filter |
Set membership with deletion |
Lower false-positive rate than Bloom at similar memory |
HyperLogLog |
Cardinality estimation |
Streaming distinct-count; Redis |
t-digest, GK-sketch |
Quantile estimation |
Streaming p50 / p95 / p99 |
Count-Min sketch |
Frequency estimation |
Top-K, heavy hitters |
Visual hashes#
Visualize a fingerprint so the operator can compare two values by eye instead of by character-by-character readout.
Algorithm |
Used for |
Notes |
|---|---|---|
SSH randomart |
SSH host-key visual fingerprint |
OpenSSH |
BubbleBabble |
Pronounceable key fingerprint |
OpenSSH legacy; |
Identicon |
Avatar from email / IP hash |
GitHub, Stack Overflow |
Robohash |
Avatar from hash |
Whimsy |
Vash |
Avatar |
Niche |
QR Code (not a hash, but visual encoding) |
Public-key fingerprints, TOTP secrets, signed URLs |
The operator scans, then verifies the underlying hash |
References#
Cryptographic Primitives for ciphers, AEAD, MAC / KDF, signatures, PKE, and the post-quantum migration timeline.
Hashing for the operator’s tradecraft running hashes from the shell.