Half the Bits, Every Time
A hash function takes anything — a word, a password, a film — and returns a fixed-size fingerprint. Type below and watch a real SHA-256 run. Then change one single bit of your input and watch about half of the 256 output bits flip, scattered and unpredictable. That cascade — the avalanche — is the thing every text explainer tells you about and none let you see. Here you can.
However much you type — one letter or a million — the answer is always exactly 256 bits (64 hexadecimal digits). The input has no size limit; the output never changes size. That is the first surprising thing a hash does.
Flip one bit. Watch it avalanche.
Below is your input again, and a copy with exactly one bit flipped. The two inputs differ by the smallest change possible — yet their fingerprints share almost nothing. The grid on the right lights up every output bit that flipped.
Each cell is one of the 256 output bits; a lit cell flipped, a dark one held. No matter what you flip, you get a different ~half lit every time — there is no pattern that lets you predict which. That is what makes a hash a fingerprint: the tiniest difference in the thing produces a totally different mark, so a changed file can never quietly keep its hash.
The check — shown, not asserted
The digests above are computed by our own from-scratch SHA-256 (the full FIPS 180-4 algorithm, no crypto library), running in your browser. Here it is reproducing the two best-known published test vectors live, right now:
And the avalanche is real, not a lucky screenshot. The offline verifier flipped one input bit 200,000 times over random messages:
mean output bits flipped = 127.98 / 256 = 49.99%
(range over all trials: 90–168 bits; every one of the 256 output bits flips at a rate
between 0.496 and 0.503 — the strict avalanche criterion).
The same implementation is checked bit-identical to Node's audited
crypto over 5,000 random messages, and against the FIPS million-a
vector. Reproduce it all: research/hash-function/verify.mjs.
Three things a hash is — and one it isn't
It is deterministic, and one-way.
The same input always gives the same fingerprint — that's why a hash can verify a download or a password. But you cannot run it backwards: the standard defines no "un-hash." The only way to find an input for a given hash is to guess candidate inputs and hash each one until one matches. For a real 256-bit hash that search is hopeless.
It is not encryption.
The most common confusion. Encryption has a key and is meant to be reversed — the right key gets your message back. A hash has no key and is meant never to be reversed; it throws information away on purpose. You don't "decrypt" a hash. (This is also why a leaked password database is hashed, not encrypted — and why good ones add a random salt so attackers can't pre-compute the guesses.)
Collisions must exist — finding one is the hard part.
There are infinitely many possible inputs and only 2256 possible outputs, so by the pigeonhole principle some different inputs must share a hash. A hash isn't a unique fingerprint in principle — only in practice, because finding such a pair would take about 2128 tries. Don't believe the wall is that high? Knock it down: truncate the hash to a handful of bits and watch collisions appear right away — at exactly the rate the birthday problem predicts.