🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 7.2 - Hash Functions

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series unpacks hash functions, a Domain 3 building block that quietly guards integrity everywhere — from software downloads to password storage and file monitoring. It explains what these functions produce, what separates a trustworthy one from a broken one, and which named algorithms deserve a place in your memory.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What is a hash function, and what does it produce?

A hash function takes an input of almost any size and squeezes it into a short, fixed-length fingerprint called a message digest, derived entirely from the content. Change even one character of spacing or punctuation, and the digest comes out completely different. There is no partial credit — two nearly identical inputs produce two wildly different digests, so the digest simply says same or different, nothing in between.

What are the two main jobs a message digest does?

First, it verifies integrity: the sender computes a digest and sends it along with the message, the receiver runs the same function on what arrived, and a match means the message is untouched. Second, the digest is the foundation of a digital signature. Longer digests generally give more reliable verification than short ones.

What five properties must a good hash function have?

It accepts input of any length, always produces a fixed-length output, is relatively easy to compute for any input, is one-way so you cannot work backward from a digest to recover the original message, and is collision resistant, meaning it is extraordinarily hard to find two different messages that hash to the same value. Put simply, a good hash uniquely represents the data but can never be reversed or de-hashed.

Which hashing families should you recognize?

The Secure Hash Algorithm family is the default modern choice: SHA-1 produces a 160-bit digest but is now deprecated for every purpose, SHA-2 offers secure variants of 224, 256, 384, and 512 bits, and SHA-3 is a drop-in replacement with a different internal design that runs slower and stays niche. Among the others, MD5 gives a 128-bit digest but is vulnerable to collisions, RIPEMD-160 remains secure while the other RIPEMD variants do not, and HAVAL is a variable-length modification of MD5.

What digest lengths should you memorize for the exam?

MD5 and the shortest RIPEMD both give 128 bits, while SHA-1 and RIPEMD-160 both give 160 bits. The SHA-2 and SHA-3 variants map to their names, giving 224, 256, 384, or 512 bits. HAVAL is variable, and the keyed HMAC construction is variable as well — carry this lookup table in your head and any question about output size becomes instant recall.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 7.2 - Hash Functions.