SHA-3 (Secure Hash Algorithm 3) / Keccak is the latest in the National Institute of Standards and Technology series of *Cryptographic Hash Functions*.

This particular algorithm was developed after theoretical weaknesses were found in the SHA-1 algorithm, so that there would be a credible ready-to-use replacement for the SHA-2 algorithm if it became compromised.

### Enter your message text:

### Choose a hash value bit length:

### Hash Value

### What's a hash function?

A *hash function* takes arbitrary data (the "message") and calculates a "hash value" (or "message digest") of a specified length from that data using a one-way algorithm. It's (for any good hash function) impossible to take a hash value and derive the original message.

A *cryptographic hash function* does this in a secure way: so that it would be very hard to artificially construct a message for a specific hash value. Even tiny changes to the message input result in large and unpredictable changes to the hash function.

### What's the point?

It's a secure way of summarising data without having to provide all the data. It's also theoretically impossible (computationally infeasible) to find a different message data that yields the same hash value.

### Tell me more about SHA-3 / Keccak...

Try the Keccak web site.

### Should I use SHA-2 or SHA-3? Or some other hash function?

They both offer the same range of bit lengths for the hash, and thus the same theoretical computational effort to break. SHA-3 / Keccak is newer than the algorithm that SHA-2 uses though, so crackers will have had longer to examine and break SHA-2.

### What are hash functions used for?

Given their properties, the main uses are in verifying the integrity or identity of files or messages.

e.g. If you're downloading a large file, the source of the download might also give a previously computed hash value so that you can check the file has arrived correctly (and not been tampered with or corrupted) by calculating the hash after you've downloaded. Even a small discrepancy would yield a completely different hash value.

It's also used for verifying your password. Storing the hash of your password instead of the actual password improves security as if the database holding login information gets into the wrong hands, they cannot log in without calculating a password that yields that hash and they can't use your password on other web sites.

It's used in bittorrent to (theoretically) uniquely identify a given torrent by calculating the hash across all the files in the torrent.

### Are there caveats to using this?

All cryptographic hash functions in the past have been made obsolete after a few years. Thus, it is likely that in (say) 5 years, it will be possible to calculate a new message text that yields the same hash code / message digest.