primitive · 02 / 03 · SHA-256

Hashing

A one-way fingerprint — fixed size, no way back.

What it does

A hash takes any input — one character or a terabyte — and returns a fixed-size fingerprint. SHA-256 — the Secure Hash Algorithm, 256-bit variant — always gives back 256 bits, written as 64 hex characters. Same input, same fingerprint, every time. Any difference at all, a completely different fingerprint.

And it only goes one way. There is no un-hash. Given a fingerprint you can't compute the input it came from — you can only guess inputs and check. The rest of this page is about why that's true, not just asserted.

Why you can't reverse it — 1: it throws information away

The input space is unlimited. There are infinitely many possible messages. The output space is fixed: exactly 2^256 fingerprints. You can't map infinitely many things onto finitely many things without sending huge numbers of inputs to the same output. That's the pigeonhole principle, and it guarantees collisions must exist.

So a fingerprint genuinely doesn't identify one input. The information that told two messages apart isn't encrypted — it's simply gone. Here's the same collapse at toy scale, h(n) = n mod 12:

h(n) = n mod 12 = 3

12 possible outputs: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

Inputs that all land on 3: 3, 15, 27, 39, 51, 63, 75, 87, … forever

Going forward is one cheap division. Going back is impossible: the output 3 came from one of infinitely many inputs, and nothing in it says which. SHA-256 is the same move at absurd scale — every input, of any length, crushed onto one of 2^256 outputs.

Why you can't reverse it — 2: it scrambles past algebra

Collapsing the space isn't enough on its own — mod 12 still leaks structure (you learn the input's remainder). SHA-256 also mixes. It runs 64 rounds of additions, bit-rotations, XORs, and bitwise choose/majority functions, folding every input bit into the entire 256-bit state over and over.

The result has no usable algebraic structure to invert. You can't isolate the input and “solve for it,” because each output bit depends on all the input bits through a tangle of non-linear steps. This is what the avalanche effect looks like from the outside — flip one input bit and about half the output bits flip, unpredictably:

worked example · one letter changed

[Interactive comparison: SHA-256 digest of "cat" versus "cot"]

About half of the 256 output bits flip, with no pattern. The hex view lights whole 4-bit digits, so more look changed than bits actually flipped.
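
The one-letter comparison above, as an added example that is not part of the original page: it hashes both strings with Python's hashlib, then counts changed bits and changed hex digits separately, which shows why the hex view overstates the change. The names avalanche and bump_last_char are assumptions made for this example.

```python
import hashlib


def sha256_digest(text: str) -> bytes:
    """Raw 32-byte SHA-256 digest of the UTF-8 encoding of text."""
    return hashlib.sha256(text.encode("utf-8")).digest()


def bump_last_char(text: str) -> str:
    """Hypothetical helper: advance the last character by one code point."""
    if not text:
        raise ValueError("need at least one character to bump")
    return text[:-1] + chr(ord(text[-1]) + 1)


def avalanche(a: str, b: str) -> dict:
    """Compare two SHA-256 digests per bit and per hex digit (4 bits)."""
    da, db = sha256_digest(a), sha256_digest(b)
    xor = bytes(x ^ y for x, y in zip(da, db))  # set bits mark differences
    bits = sum(bin(byte).count("1") for byte in xor)
    # A hex digit counts as changed when any of its 4 bits differ, so this
    # count is always at least bits / 4 and usually far above it.
    hex_digits = sum(bool(byte >> 4) + bool(byte & 0x0F) for byte in xor)
    return {
        "digest_a": da.hex(),
        "digest_b": db.hex(),
        "bits_changed": bits,
        "bits_pct": round(100 * bits / 256, 1),
        "hex_digits_changed": hex_digits,
        "hex_pct": round(100 * hex_digits / 64, 1),
    }


if __name__ == "__main__":
    fox = "The quick brown fox"
    for left, right in [("cat", "cot"), (fox, bump_last_char(fox))]:
        r = avalanche(left, right)
        print(f"{left!r} vs {right!r}")
        print(f"  {r['digest_a']}\n  {r['digest_b']}")
        print(f"  bits changed:       {r['bits_changed']:3d} of 256 ({r['bits_pct']}%)")
        print(f"  hex digits changed: {r['hex_digits_changed']:3d} of 64  ({r['hex_pct']}%)")
```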


Why you can't reverse it — 3: no shortcut, and the space is absurd

Because there's no inverse and no structure to exploit, the only way back is to guess inputs and hash them until one matches — finding a preimage. That means searching a space of 2^256 ≈ 1.16 × 10^77 values. For scale, that's within a few orders of magnitude of the number of atoms in the observable universe.

Put a machine on it doing a trillion hashes a second, then a billion of those machines. Run them since the Big Bang. You'd cover such a vanishing sliver of 2^256 that the entire age of the universe rounds to zero progress. “Irreversible” here isn't a slogan — it's an arithmetic wall.

What it's for

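  • Passwords — a site stores the hash, never the password, with a per-user salt mixed in so identical passwords don't share a fingerprint. Since passwords are guessable, production systems pair the salt with a deliberately slow password-hashing function such as bcrypt, scrypt or Argon2 rather than one fast SHA-256 pass.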
  • File integrity — a published checksum lets you confirm a download arrived byte-for-byte intact.
  • Signatures & blockchains — you sign the hash of a document, and any later edit changes the hash, so tampering is obvious.

A hash isn't locked — it's destroyed on purpose

Encryption hides data behind a key you can later use to get it back. A hash keeps nothing back to recover. There's no key and no return path by design. The moment you need the original data again, you wanted encryption, not SHA-256.