Are hash algorithms (such as MD5 and SHA1) as good as they appear to be? Why or why not?
Hashes are the products of cryptographic algorithms designed to produce a string of characters. Often these strings have a fixed length, regardless of the size of the input data. Take a look at the above chart and you’ll see that both “Fox” and “The red fox jumps over the blue dog” yield the same length output.
MD5, SHA-1, and SHA-256 are all different hash functions. Software creators often take a file download—like a Linux .iso file, or even a Windows .exe file—and run it through a hash function. They then offer an official list of the hashes on their websites.
That way, you can download the file and then run the hash function to confirm you have the real, original file and that it hasn’t been corrupted during the download process. As we saw above, even a small change to the file will dramatically change the hash.
These can also be useful if you have a file you got from an unofficial source and you want to confirm that it’s legitimate. Let’s say you have a Linux .ISO file you got from somewhere and you want to confirm it hasn’t been tampered with. You can look up the hash of that specific ISO file online on the Linux distribution’s website. You can then run it through the hash function on your computer and confirm that it matches the hash value you’d expect it to have. This confirms the file you have is the exact same file being offered for download on the Linux distribution’s website, without any modifications.