Fundamentals

What is a file hash?

Understanding digital fingerprints: how a hash uniquely identifies a file.

1 Introduction

A file hash is like a fingerprint for a file. Just as every person has a unique fingerprint, every file produces a unique hash: a string of hexadecimal characters that identifies it with near-perfect accuracy. If you change even a single byte in the file, the fingerprint changes completely. This property makes hashes essential in cybersecurity for verifying file integrity and detecting malware.

Common algorithms: 4 (MD5, SHA1, SHA256, SHA512)

Possible combinations for SHA256: 2^256

Collision probability on SHA256: ≈ 0%

2 How It Works

Hash some text or a file, change it slightly, and compare the results: the slightest change produces a completely different hash. This is called the avalanche effect: a tiny modification produces a radically different result.

The process in 3 steps

1. The file is read byte by byte by the hashing algorithm

2. The data is transformed through irreversible mathematical operations

3. The result is a fixed-length string of characters: the hash

3 Detailed Analysis

What happens if you change a single byte?

Imagine a file whose SHA256 hash starts with a7f3b2c1.... If you change just one character in that file, even adding a single space, the new hash will look something like 9e4d8f0a.... No resemblance at all. It is as if two completely different people left their fingerprints.

Fundamental properties

Deterministic

The same file always produces the same hash, on any computer, every time.

Irreversible

It is impossible to reconstruct the original file from its hash. It is a one-way function.

Collision resistant

It is nearly impossible for two different files to produce the same hash.

Practical example: verifying a download

When you download software like Ubuntu Linux, the official site displays the SHA256 hash of the file. Once downloaded, you compute the hash of your file and compare the two. If they match, your file is intact. If they differ, the file was modified in transit -- possibly by an attacker.

# Hash displayed on the official site:

sha256: a1b2c3d4e5f6...abc123

# Hash computed on your file:

sha256: a1b2c3d4e5f6...abc123 ✓ Match!
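The download check described above, as an added example that is not part of the original page: it streams a file through SHA256, looks up the published value in a checksum manifest, and shows the effect of one added space. It assumes the manifest uses the `sha256sum` output format (`<hex>  <name>` or `<hex> *<name>`); the file `sample.iso` and its contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA256 so a large image never sits fully in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def expected_from_manifest(manifest_text, filename):
    """Return the digest listed for filename in sha256sum-style lines, or None."""
    for line in manifest_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        is_hex = len(digest) == 64 and all(c in "0123456789abcdef" for c in digest)
        if name == filename and is_hex:
            return digest
    return None

def verify_download(path, manifest_text):
    """Return (ok, actual, expected); a file missing from the manifest fails."""
    expected = expected_from_manifest(manifest_text, os.path.basename(path))
    actual = sha256_file(path)
    ok = expected is not None and hmac.compare_digest(actual, expected)
    return ok, actual, expected

def differing_bits(a_hex, b_hex):
    """Count the bits that differ between two hex digests (avalanche effect)."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")

def demo():
    # Constructed sample: a small stand-in "download" and the manifest published for it.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.iso")
        with open(path, "wb") as f:
            f.write(b"constructed sample image contents\n")
        manifest = f"{sha256_file(path)} *sample.iso\n"
        intact = verify_download(path, manifest)
        with open(path, "ab") as f:
            f.write(b" ")  # one added space, as in the example in the text
        tampered = verify_download(path, manifest)
        return intact, tampered, differing_bits(intact[1], tampered[1])

if __name__ == "__main__":
    intact, tampered, bits = demo()
    print("intact:", intact[0], "| after one added byte:", tampered[0], "| bits changed:", bits)
```

In real use the manifest text should be obtained separately from the file itself, for the reason given under "Hash and file come from the same server".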

Try it on mlab.sh

Generate MD5, SHA1, and SHA256 hashes for any text or file instantly. Practice computing and comparing hashes with the same algorithms you just learned about.


4 Red Flags

The hash does not match

If the hash of your download does not match the one on the official site, the file has been tampered with. Do not open it.

No hash provided

A reputable download site always provides hashes for its files. The absence of a hash is suspicious.

MD5 used alone

MD5 is vulnerable to collisions. If a site only provides an MD5 hash, the verification is less reliable. Prefer SHA256.

Hash known as malicious

Databases like VirusTotal catalog hashes of malicious files. A hash found in these databases is a major red flag.

Hash and file come from the same server

If an attacker controls the server, they can modify both the file and the displayed hash. Always verify through an independent source.
