Hash Functions#

Reference of hash functions by category with operator-relevant notes on what each one is used for, what’s safe to deploy in 2026, and what’s deprecated. For wider cryptographic coverage see Cryptographic Primitives. For the daily tradecraft of running hashes on Linux see Hashing.

A hash function maps arbitrary-length input to a fixed-length (or extendable) output. The categories below cluster by what the operator does with them, not by mathematical construction.

General-purpose cryptographic hashes#

Collision-resistant, pre-image-resistant, fast enough for files and TLS, slow enough to make adversarial forgery infeasible. The operator reaches for SHA-256 first; everything else is justified by interop or performance constraints.

Algorithm

Digest size

Used for

Notes

SHA-256

256 bit

File integrity, code signing, TLS / X.509, blockchains, container image digests

FIPS 180-4; the universal default in 2026

SHA-384

384 bit

CNSA-2.0 TLS profiles, NSA Suite B

FIPS 180-4

SHA-512

512 bit

High-throughput integrity on 64-bit hardware, password-hash inputs

FIPS 180-4; faster than SHA-256 on amd64 / arm64

SHA-224

224 bit

Smaller variant; rare in modern use

FIPS 180-4

SHA-512/224, SHA-512/256

224, 256 bit

SHA-512 truncated; outruns SHA-256 on 64-bit

FIPS 180-4

SHA3-224, 256, 384, 512

224 / 256 / 384 / 512 bit

TLS, certs, conservative post-quantum-curious deployments

FIPS 202; Keccak sponge construction

SHAKE128, SHAKE256

extendable-output (XOF)

KDF inputs, stateless signatures (XMSS, SPHINCS+), arbitrary-length digests

FIPS 202; SHA-3 family

BLAKE2b

up to 512 bit

Content-addressed storage, fast file integrity, IPFS, Argon2 core

RFC 7693; ~3x faster than SHA-256 in software

BLAKE2s

up to 256 bit

Constrained / 32-bit devices

RFC 7693

BLAKE3

256 bit (extendable)

Parallel tree-hashing, content addressing, dedup, KDF

Fastest mainstream cryptographic hash; tree-parallel; b3sum

RIPEMD-160

160 bit

Bitcoin / Ethereum address derivation, BIP32

Legacy outside cryptocurrency

Whirlpool

512 bit

Specialty / interop; rare

ISO/IEC 10118-3

SM3

256 bit

Chinese national standard; required in CN compliance

GB/T 32905; in CN-issued certs

Streebog (GOST R 34.11-2012)

256, 512 bit

Russian national standard

ISO/IEC 10118-3

Legacy and broken hashes#

Collision-broken. Still seen in the wild for non-security checksums and legacy protocols. The operator recognises them and refuses them for anything adversarial.

Algorithm

Digest size

Status

Where it still shows up

MD5

128 bit

Collision-broken since 2004

Non-crypto checksums, file dedup, legacy interop, package manifests

SHA-1

160 bit

Collision-broken (SHAttered 2017, Shambles 2020)

Git object IDs (migrating to SHA-256), legacy TLS certs (deprecated)

MD4

128 bit

Broken

NTLM, rsync rolling checksum, legacy eDonkey

MD2

128 bit

Broken

1990s X.509 certs only

RIPEMD-128

128 bit

Digest too small

Avoid

Tiger

192 bit

Old, narrow review

ED2K, eDonkey-era P2P

HAVAL

variable

Broken

Defunct

Keyed hashes and MACs#

Authenticate content against a secret, not just a public digest. Pair with a transport (HMAC over a JWT) or a cipher (Poly1305 over ChaCha20).

Algorithm

Construction

Used for

Notes

HMAC-SHA-256

Hash-based MAC

AWS SigV4, JWT HS256, IPsec, TLS PRF, webhook signing

RFC 2104; the daily workhorse

HMAC-SHA-512

Hash-based MAC

High-security MAC, BIP32 (Bitcoin) HD key derivation

RFC 2104

HMAC-SHA-1

Hash-based MAC

OAuth 1, RFC 6238 TOTP, RFC 4226 HOTP

Acceptable; SHA-1 collisions do not break HMAC

HMAC-MD5

Hash-based MAC

Legacy IPsec, RADIUS

Acceptable for MAC; deprecated direction

Poly1305

One-time MAC

TLS 1.3 (ChaCha20-Poly1305), IKEv2, WireGuard, Signal

RFC 8439; key used once, paired with a cipher

GMAC

AES-GCM tag-only

AEAD authentication when no payload encryption is needed

NIST SP 800-38D

KMAC

Keccak-based MAC

SHA-3-family MAC

NIST SP 800-185

CMAC (OMAC1)

AES block-cipher MAC

Constrained devices, NIST SP 800-38B

Block-cipher-based MAC

SipHash-2-4

Short-input PRF

DoS-resistant hash-table keying

Inside Python dict, Rust HashMap, Linux kernel

Password hashes and KDFs#

Slow on purpose. Different problem from file integrity; the operator uses these for /etc/shadow-style password storage, PAKE protocols, and key derivation from user secrets. Argon2id is the 2026 default; PBKDF2 lingers only where FIPS or compliance requires it.

Algorithm

Hardness model

Used for

Notes

Argon2id

Memory-hard

New password storage, KDF for symmetric keys

RFC 9106; the operator’s default in 2026

Argon2i, Argon2d

Memory-hard

Specialized variants (side-channel vs GPU resistance)

RFC 9106

scrypt

Memory-hard

Older but solid; Tarsnap, LTC, password storage

RFC 7914

bcrypt

Iteration-based

Legacy password storage, ubiquitous in web frameworks

Predates memory-hard era; 72-byte input cap

PBKDF2

Iteration-based

TLS 1.2 PSK, WPA2, FIPS-required deployments

RFC 2898; weaker than memory-hard; required in some compliance regimes

sha512crypt ($6$)

Iteration-based

Default /etc/shadow on many distros

glibc crypt; $6$rounds=...$

yescrypt ($y$)

Memory-hard

Default /etc/shadow on modern Debian / Ubuntu / Fedora

scrypt-derived; libxcrypt

Balloon hashing

Memory-hard

Niche, formally verified deployments

Provably memory-hard

HKDF

Extract-and-expand KDF

TLS 1.3 key schedule, Signal, Noise, WireGuard

RFC 5869; runs over a base hash, typically SHA-256

Blake3 KDF mode

PRF-style KDF

High-throughput key derivation from a context string

Built into BLAKE3

Non-cryptographic hashes#

Fast, not collision-resistant against an adversary, but cheap and good enough for hash tables, sharding, checksumming, dedup, and sampling. The operator who uses one of these for an integrity check against a motivated attacker has misused it.

Algorithm

Output

Used for

Notes

CRC32 (POSIX)

32 bit

Ethernet, TLS record integrity, zlib, gzip footers

Detects bit flips, not tampering

CRC32C (Castagnoli)

32 bit

iSCSI, ext4 metadata, SCTP, BTRFS

Hardware-accelerated on amd64 / arm64

Adler-32

32 bit

zlib stream header

Faster than CRC32

Fletcher-32

32 bit

ZFS metadata

xxHash (XXH32, XXH64, XXH128, XXH3)

32 / 64 / 128 bit

File dedup, content-addressed cache keys, rsync, zstd

Fastest non-crypto family; xxhsum

MurmurHash3

32 / 128 bit

Bloom filters, hash tables (Cassandra), tracing IDs

Austin Appleby

CityHash / FarmHash

64 / 128 bit

Google high-quality non-crypto

FarmHash is the successor

FNV-1a

32 / 64 / 128 bit

Tiny embedded hash tables

Very simple, very fast

Jenkins (lookup3)

32 bit

Bloom filters, hash tables

Bob Jenkins

SipHash-1-3

64 bit

DoS-resistant hash-table keying (lighter than HMAC)

Keyed; cheaper than full HMAC

DJB2

32 bit

String hashing in compilers, lexers

Bernstein

Merkle and tree hashes#

Aggregate a hash over many leaves so a single root authenticates the whole set. Inclusion proofs are O(log n). The operator sees these in cryptocurrencies, Git, Certificate Transparency, IPFS, and parallel hashing tools.

Construction

Used for

Notes

Merkle tree

Bitcoin block merkle root, Git tree objects, IPFS, Certificate Transparency, Apache Arrow

O(log n) inclusion proof; binary tree of hashes

Hash list

rsync delta, BitTorrent piece hashes

Flat list of per-chunk hashes

Hash chain

One-time auth (S/Key), blockchain block linking

h(h(h(…x))); one-way

Merkle-Damgård

SHA-1, SHA-2 family internal construction

Block-by-block compression with length-extension caveat

Sponge

SHA-3, BLAKE2 internal construction

Absorb-and-squeeze; supports XOFs

Tree mode (BLAKE3)

Parallel hashing, partial verification, streaming

Native to BLAKE3

Skein tree mode

SHA-3 finalist

Tree-mode for parallelism

Verkle tree

Ethereum-style state commitments

Vector-commitment variant of Merkle; shorter proofs

Locality-sensitive and similarity hashes#

Map similar inputs to similar (or identical) digests. The operator uses these for malware clustering, near-duplicate document detection, threat-intel correlation, and approximate nearest neighbor search.

Algorithm

Output

Used for

Notes

MinHash

Bag of k 32-bit ints

Jaccard similarity over sets, near-duplicate documents, plagiarism

Used by Lucene, BigQuery dedup

SimHash

64-bit (typical)

Near-duplicate web pages, document clustering

Charikar 2002; Google web-crawl dedup

TLSH (Trend Micro LSH)

35-byte hex

Malware similarity, threat-intel clustering

OASIS standard

ssdeep (CTPH)

Variable

Fuzzy file hashing, malware similarity

Context-triggered piecewise hash; ssdeep tool

sdhash

Bloom-filter-based

Forensic similarity hashing

Roussev

mrsh-v2

Bloom-filter-based

Forensic similarity, faster than sdhash

LZJD

Lempel-Ziv distance

Malware similarity, robust to obfuscation

vhash

Variable

Malware similarity in VirusTotal

VT-proprietary

Nilsimsa

32-byte

Anti-spam, near-duplicate email

Older anti-spam pipelines

p-stable LSH

hash table buckets

High-dimensional ANN search

Datar et al.

Perceptual hashes#

Robust to lossy transformations (resize, recompress, recolor). Used for content matching, moderation, CSAM detection, copyright enforcement.

Algorithm

Modality

Used for

Notes

aHash (average hash)

Image

Quick image similarity, baseline

Trivial; fast

dHash (difference hash)

Image

Image similarity

Faster than pHash, often more accurate than aHash

pHash (perceptual hash)

Image

Image similarity, dedup, copyright

DCT-based; robust to scale and recompression

wHash (wavelet hash)

Image

Image similarity

Wavelet-based; more robust

PhotoDNA

Image

CSAM detection (NCMEC, Microsoft)

Proprietary

PDQ

Image

CSAM detection (Meta)

Open-source

TMK+PDQF

Video

Content moderation (Meta)

Keyframes (TMK) plus PDQ frame descriptors

VideoHash

Video

Near-duplicate video

Open-source

Chromaprint (AcoustID)

Audio

Music ID, podcast ID

Open-source

Echoprint

Audio

Music identification

Spotify-derived

Shazam fingerprint

Audio

Music identification

Proprietary

PHashAudio

Audio

Audio similarity

Same family as image pHash

Geohashes and spatial encodings#

Encode latitude / longitude (and sometimes altitude) to a string or integer. Not cryptographic; designed for prefix-based proximity, indexing, and tiling. The operator uses these for geofencing, sharding by region, target plotting, and MGRS-style quick reference.

Encoding

Output

Used for

Notes

Geohash

Base-32 string

Redis GEO, Elasticsearch geohash agg, prefix-based proximity

Niemeyer 2008; longer prefix means more precision

S2 cells

64-bit cell ID

Google Maps, Foursquare, regional sharding

Hilbert-curve hierarchy; well-defined cell levels

H3

64-bit cell ID

Uber dispatch, hex grids, ridesharing

Hexagonal cells; uniform neighbourhood distance

Plus Codes (Open Location Code)

Alphanumeric

Google Maps Plus Codes, postal alternative

Google open standard

Quadkeys

Base-4 string

Bing Maps, tile pyramids

Microsoft tile system

Maidenhead Locator

Alphanumeric

Amateur radio grid

6-char square ~ 5 km

What3Words

3 dictionary words

Consumer geocoding

Proprietary; 3 m precision

MGRS

Alphanumeric grid

NATO / US military grid reference

The operator’s grid in IC / SOF context

UTM

Easting / northing pair

Survey, GIS, plotting

60 zones; basis for MGRS

Distributed-system hashes#

Map keys to nodes, shards, or buckets. Cheap, deterministic, sometimes “consistent” so rebalancing moves O(K/N) keys instead of all of them.

Algorithm

Used for

Notes

Consistent hashing (ring)

Dynamo, Cassandra, Couchbase partitioning

Re-shard moves O(K/N) keys

Rendezvous (HRW) hashing

Web caches, distributed K/V

Often simpler and better than ring

Jump consistent hash

Sharded backends; Google

Lamping and Veach 2014; very fast

Maglev hashing

Google L4 load balancer

Bin-balanced consistent hash

Ketama

Memcached consistent hashing

Last.fm; common in libmemcached clients

Bloom filter

Set membership tests with no false negatives

Multiple hash functions; tunable false-positive rate

Cuckoo filter

Set membership with deletion

Lower false-positive rate than Bloom at similar memory

HyperLogLog

Cardinality estimation

Streaming distinct-count; Redis PFCOUNT

t-digest, GK-sketch

Quantile estimation

Streaming p50 / p95 / p99

Count-Min sketch

Frequency estimation

Top-K, heavy hitters

Visual hashes#

Visualize a fingerprint so the operator can compare two values by eye instead of by character-by-character readout.

Algorithm

Used for

Notes

SSH randomart

SSH host-key visual fingerprint

OpenSSH VisualHostKey yes; “Drunken Bishop” algorithm

BubbleBabble

Pronounceable key fingerprint

OpenSSH legacy; ssh-keygen -B

Identicon

Avatar from email / IP hash

GitHub, Stack Overflow

Robohash

Avatar from hash

Whimsy

Vash

Avatar

Niche

QR Code (not a hash, but visual encoding)

Public-key fingerprints, TOTP secrets, signed URLs

The operator scans, then verifies the underlying hash

References#