If you’re just starting out in cybersecurity, you’ve probably already come across the term hash or hashing, a fundamental concept closely tied to Integrity, one of the three pillars of the CIA Triad: Confidentiality, Integrity, and Availability.
What Is Integrity?
Integrity means ensuring data hasn’t been tampered with. Basically, that it remains complete, accurate, and trustworthy.
This is crucial. Imagine a bank with thousands of customers. The integrity of every transaction and account balance must be preserved. If someone altered even a few records, customers might log in to find incorrect balances.
Integrity also protects organizations from software supply chain attacks. Suppose a company, OptimusLab, downloads software from what it believes is a trusted vendor. Unknown to them, a malicious actor has tampered with the vendor’s website, replacing the legitimate installer with a compromised one containing malware.
If OptimusLab installs the file without verifying its integrity, their internal network could be infected — leading to data breaches, ransomware, and major reputational damage.
That’s where hashing comes in!
Many software vendors publish the hash value (e.g., a SHA-256 checksum) of their official downloads. When you download the file, you can compute its hash locally and compare it to the one on the vendor’s site.
If the hash match, then the file is authentic, and if it doesn’t match, well, the file is either corrupted or has been modified.
Alright, but what exactly is a hash?
A hash is a fixed-length string of characters produced by a mathematical algorithm that uniquely represents the original data. Any small change to the original input, will produce a completely different hash.
It’s important to undestand that hashes are one-way operation. We can obtain the hash from an input, but we cannot obtain the original input from a hash.
The most common mathematical algorithms, also known as hash functions, are:
- MD5: Fast but insecure due to collisions — not recommended.
- SHA-1: Once standard, now vulnerable to collision attacks.
- SHA-256 / SHA-3: Modern, secure, and widely used in encryption, blockchain, and password hashing.
- Argon2id: Recommended for passwords
For a hash function to be considered good, it must be:
- Deterministic: The same input always produces the same hash.
- Fixed Output Length: Hash size doesn’t depend on input size.
- Pre-image Resistance: It’s infeasible to reverse-engineer the input from the hash.
- Collision Resistance: It’s hard to find two inputs with the same hash.
- Avalanche Effect: Small input changes cause big differences in output.
Hashing in action
Let’s run a simple python script using the built-in hashlib module to see how hash values actually look like.
If we run the following code using “Hello World” as input…
import hashlib
text = "Hello World"
hash_sha256 = hashlib.sha256(text.encode()).hexdigest()
hash_md5 = hashlib.md5(text.encode()).hexdigest()
hash_sha128 = hashlib.sha128(text.encode()).hexdigest()
print(f"Sha256: {hash_256} )
print()
print(
… we would get:
Sha256: a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e
Sha128: 0a4d55a8d778e5022fab701977c5d840bbc486d0
MD5: b10a8db164e0754105b7a99be72e3fe5
Now look what happens with a tiny change. We will now use “hello world”
Sha256: b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
Sha128: 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
MD5: 5eb63bbbe01eeed093cb22bb8f5acdc3
That’s the avalanche effect in action.
Hypothetical Scenario
Let’s now analyze a made-up scenario to better understand the critical role of hashing in cybersecurity.
Background
FinSecure Bank, a mid-sized financial institution, relies heavily on its internal systems to track all employee logins, customer transactions, and administrative actions. These log files are essential for detecting fraud, investigating incidents, and maintaining compliance with regulatory frameworks such as PCI-DSS and ISO 27001.
The Incident
In early 2024, FinSecure noticed unusual behavior in one of its internal financial systems — a few high-value wire transfers had been approved outside of normal business hours. When the cybersecurity team began investigating, they encountered a major problem: the system logs had been tampered with.
- Certain log entries showing administrative access at 2:14 AM were missing.
- Others had been altered to appear as if the actions were performed by a different user.
Without trustworthy logs, the team couldn’t immediately determine who initiated the transactions, what commands were executed, or when the breach actually occurred.
Root Cause
The investigation revealed that the attacker had gained access to the logging server and manually edited log files to cover their tracks. Because FinSecure’s logs were stored as plain text and lacked cryptographic integrity protection, there was no easy way to detect the tampering until it was too late.
This made digital forensics extremely difficult, delaying the response and allowing the attacker to exfiltrate sensitive data before detection.
How Hashing Could Have Prevented This
If FinSecure had implemented hash-based integrity verification for their logs, this breach could have been identified immediately . Here’s how that would have worked:
-
Hashing Each Log Entry at the time it’s written. The hash value is then appended or stored separately in a secure location.
-
Chaining Hashes (Hash Chains)
To make tampering even harder, each log entry’s hash could incorporate the previous entry’s hash (a blockchain-like structure).This ensures that altering any single log invalidates the entire chain. -
Verification and Alerts. A monitoring system can routinely verify hashes. If any hash mismatch occurs, it triggers an alert, signaling possible log tampering or file corruption.
Outcome With Proper Hashing
Had FinSecure used this approach:
- Any modification to the logs would have broken the hash chain, immediately revealing unauthorized changes.
- Investigators could have pinpointed exactly when tampering occurred and which records were affected.
- Incident response would have been faster, and the attacker’s window of opportunity dramatically reduced.
Conclusion
In cybersecurity, integrity is trust — the assurance that what you see and rely on is authentic, complete, and untampered. Hashing lies at the heart of that trust. From verifying downloaded software and protecting passwords to securing digital signatures and preserving the integrity of system logs, hashes provide the mathematical foundation that keeps modern systems honest.
Without integrity, data becomes unreliable, investigations lose credibility, and even the most secure systems can be undermined from within. With it, organizations gain transparency, accountability, and confidence in every transaction and record they maintain.
As technology continues to evolve — and threats grow more sophisticated — understanding and implementing hashing correctly isn’t just a technical best practice; it’s a core security principle.
