Hashing, Salting & Password Storage¶

Hashing is one-way: easy to compute, infeasible to reverse. It powers integrity checks and password storage.

What Makes a Good Hash Function¶

Deterministic — same input → same output.
Fast to compute (for integrity) but one-way.
Avalanche effect — a 1-bit change flips ~half the output.
Collision-resistant — hard to find two inputs with the same hash.

Algorithm	Status
MD5	❌ Broken — collisions trivial
SHA-1	❌ Broken — deprecated
SHA-256 / SHA-3	✅ Use for integrity

Hashing for Integrity¶

Publish a file's SHA-256 hash; recipients recompute it to verify the download wasn't tampered with.

bash

2 lines

1sha256sum installer.iso
2# compare against the vendor's published hash

Password Storage — The Right Way¶

Never store passwords in plaintext, and never use a fast hash (SHA-256) alone for passwords — attackers can compute billions per second.

Use a Slow, Salted Password Hash¶

Function	Notes
bcrypt	Battle-tested, tunable cost
scrypt	Memory-hard
Argon2id	Modern winner — memory + time hard

These are deliberately slow and memory-intensive to thwart brute force.

Salt¶

A salt is a unique random value added to each password before hashing.

hash = Argon2id(password + unique_salt)

Defeats rainbow tables (precomputed hash lookups).
Ensures two users with the same password get different hashes.
The salt is stored alongside the hash (it need not be secret).

Pepper (optional extra)¶

A pepper is a secret value (stored separately, e.g., in an HSM/env var) added to all passwords — so a database-only leak still can't be cracked offline.

Comparing Securely¶

When verifying, use constant-time comparison to avoid timing attacks. Most password libraries handle this for you — another reason not to roll your own.

HMAC — Keyed Hashing for Authenticity¶

An HMAC combines a hash with a secret key to verify both integrity and authenticity of a message (e.g., webhook signature verification):

HMAC-SHA256(key, message) → signature

The receiver recomputes the HMAC with the shared key; a match proves the message is authentic and unaltered.

What Makes a Good Hash Function¶

Deterministic — same input → same output.

Fast to compute (for integrity) but one-way.

Avalanche effect — a 1-bit change flips ~half the output.

Collision-resistant — hard to find two inputs with the same hash.

Algorithm	Status
MD5	❌ Broken — collisions trivial
SHA-1	❌ Broken — deprecated
SHA-256 / SHA-3	✅ Use for integrity

Password Storage — The Right Way¶

Never store passwords in plaintext, and never use a fast hash (SHA-256) alone for passwords — attackers can compute billions per second.

Use a Slow, Salted Password Hash¶

Function	Notes
bcrypt	Battle-tested, tunable cost
scrypt	Memory-hard
Argon2id	Modern winner — memory + time hard

These are deliberately slow and memory-intensive to thwart brute force.

Salt¶

A salt is a unique random value added to each password before hashing.

hash = Argon2id(password + unique_salt)

Defeats rainbow tables (precomputed hash lookups).

Ensures two users with the same password get different hashes.

The salt is stored alongside the hash (it need not be secret).

Pepper (optional extra)¶

A pepper is a secret value (stored separately, e.g., in an HSM/env var) added to all passwords — so a database-only leak still can't be cracked offline.