Hashes are functions that take some arbitrary input and return a fixed-length value. The particular value depends on the given hash algorithm in use, such as SHA-1 (used by Git), SHA-256, or BLAKE2, but a given hash algorithm always returns the same value for a given input. Have a look at the full list of hash functions for more.
As an example, the input:
would be represented by SHA-1 as:
However, the exact same input generates the following output using SHA-256:
Notice that the second hash is longer than the first one. This is because SHA-1 creates a 160 bit hash, while SHA-256 creates a 256 bit hash. Also, the prepended
0x is just an indicator that tells us that the following hash is represented as a base 16 (or hexadecimal) number.
Hashes can be represented in different bases (
base32, etc.). In fact, IPFS makes use of that as part of its Content Identifiers and supports mulitiple base representations at the same time, using the Multibase protocol.
For example, the SHA-256 hash of “Hello World” from above can be represented as base 32 as:
Characteristics of cryptographic hashes
Cryptographic hashes come with a couple of very important characteristics:
- deterministic - the same input message always returns exactly the same output hash
- uncorrelated - a small change in the message should generate a completely different hash
- unique - it’s infeasible to generate the same hash from two different messages
- one-way - it’s infeasible to guess or calculate the input message from its hash
It turns out these features also mean we can use a cryptographic hash to identify any piece of data: the hash is unique to the data we calculated it from and it’s not too long (a hash is a fixed length, so the SHA-256 hash of a 1 Gigabyte video file is still only 32 bytes), so sending it around the network doesn’t take up a lot of resources.
That’s critical for a distributed system like IPFS, where we want to be able to store and retrieve data from many places. A computer running IPFS can ask all the peers it’s connected to whether they have a file with a particular hash and, if one of them does, they send back the whole file. Without a short, unique identifier like a cryptographic hash, that wouldn’t be possible. This technique is called “content addressing” — because the content itself is used to form an address, rather than information about the computer and disk location it’s stored at.