| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 7.2 - Hash Functions
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series unpacks hash functions, a Domain 3 building block that quietly guards integrity everywhere — from software downloads to password storage and file monitoring. It explains what these functions produce, what separates a trustworthy one from a broken one, and which named algorithms deserve a place in your memory.
What this episode covers
- The message digest — any-size input squeezed into a short, fixed-length fingerprint that changes completely with any edit.
- Two jobs of a digest — verifying integrity by recompute-and-compare, and anchoring digital signatures.
- Five properties of a good hash — any input, fixed output, easy to compute, one-way, and collision resistant.
- The SHA family — deprecated SHA-1, secure SHA-2 variants, and the slower drop-in SHA-3.
- Older and alternative algorithms — collision-broken MD5, the RIPEMD family, and variable-length HAVAL.
- The memorization table — digest lengths from 128 through 512 bits, plus the variable HAVAL and HMAC.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What is a hash function, and what does it produce?
A hash function takes an input of almost any size and squeezes it into a short, fixed-length fingerprint called a message digest, derived entirely from the content. Change even one character of spacing or punctuation, and the digest comes out completely different. There is no partial credit — two nearly identical inputs produce two wildly different digests, so the digest simply says same or different, nothing in between.
What are the two main jobs a message digest does?
First, it verifies integrity: the sender computes a digest and sends it along with the message, the receiver runs the same function on what arrived, and a match means the message is untouched. Second, the digest is the foundation of a digital signature. Longer digests generally give more reliable verification than short ones.
What five properties must a good hash function have?
It accepts input of any length, always produces a fixed-length output, is relatively easy to compute for any input, is one-way so you cannot work backward from a digest to recover the original message, and is collision resistant, meaning it is extraordinarily hard to find two different messages that hash to the same value. Put simply, a good hash uniquely represents the data but can never be reversed or de-hashed.
Which hashing families should you recognize?
The Secure Hash Algorithm family is the default modern choice: SHA-1 produces a 160-bit digest but is now deprecated for every purpose, SHA-2 offers secure variants of 224, 256, 384, and 512 bits, and SHA-3 is a drop-in replacement with a different internal design that runs slower and stays niche. Among the others, MD5 gives a 128-bit digest but is vulnerable to collisions, RIPEMD-160 remains secure while the other RIPEMD variants do not, and HAVAL is a variable-length modification of MD5.
What digest lengths should you memorize for the exam?
MD5 and the shortest RIPEMD both give 128 bits, while SHA-1 and RIPEMD-160 both give 160 bits. The SHA-2 and SHA-3 variants map to their names, giving 224, 256, 384, or 512 bits. HAVAL is variable, and the keyed HMAC construction is variable as well — carry this lookup table in your head and any question about output size becomes instant recall.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 7.2 - Hash Functions.