Skip to main content

Overview

The hash module provides hashing functions for strings and data, including cryptographic algorithms (MD5, SHA family, BLAKE2), HMACs, and fast non-cryptographic hashes for caching and hash tables. Total functions: 25+
MD5 and SHA-1 are not cryptographically secure. Use them only for checksums, caching keys, and deduplication. For security-sensitive applications, use SHA-256 or SHA-512.

Cryptographic hashes

Secure hashing algorithms suitable for passwords, signatures, and integrity verification.
Compute MD5 hash of string.
hash::md5 "hello world"
# Output: 5eb63bbbe01eeed093cb22bb8f5acdc3
Requires: md5sum (Linux) or md5 (macOS)
MD5 is cryptographically broken. Use only for non-security purposes.
Compute SHA-1 hash of string.
hash::sha1 "hello world"
# Output: 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
Requires: sha1sum, shasum, or openssl
SHA-1 is deprecated for cryptographic use. Prefer SHA-256+.
Compute SHA-256 hash of string.
hash::sha256 "hello world"
# Output: b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
Requires: sha256sum, shasum, or opensslThis is the recommended algorithm for most security purposes.
Compute SHA-512 hash of string.
hash::sha512 "hello world"
# Output: 309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f
Requires: sha512sum, shasum, or opensslProvides higher security margin than SHA-256.
Compute SHA-3 (Keccak) 256-bit hash.
hash::sha3_256 "hello world"
Requires: openssl with SHA-3 support (OpenSSL 1.1.1+)SHA-3 is the latest SHA family member with different internal design.
Compute BLAKE2b hash (512-bit).
hash::blake2b "hello world"
Requires: b2sum or openssl with BLAKE2 supportBLAKE2 is faster than MD5 while being cryptographically secure.

HMAC (keyed hashing)

Hash-based Message Authentication Codes for verifying authenticity and integrity.
Compute HMAC-SHA256.
hash::hmac::sha256 "secret-key" "message"
# Output: 32-byte hex digest
Parameters:
  • key - Secret key for HMAC
  • message - Data to authenticate
Requires: opensslUsed for API signatures, JWT tokens, webhook verification.
Compute HMAC-SHA512.
hash::hmac::sha512 "secret-key" "message"
Requires: opensslStronger variant of HMAC-SHA256.
Compute HMAC-MD5.
hash::hmac::md5 "secret-key" "message"
Requires: openssl
Use only for legacy compatibility. Prefer HMAC-SHA256.

Non-cryptographic hashes

Fast, pure Bash hashing functions for hash tables, caching, and data structures. Not suitable for security.
DJB2 hash (Daniel J. Bernstein).
hash::djb2 "hello"
# Output: 210676686595 (32-bit unsigned)
Classic, fast hash. Good general-purpose choice for hash tables.Pure Bash - No external dependencies
DJB2a hash (XOR variant).
hash::djb2a "hello"
Slightly better distribution than DJB2 for certain inputs.Pure Bash
SDBM hash (from SDBM database).
hash::sdbm "hello"
Often outperforms DJB2 for database keys.Pure Bash
FNV-1a 32-bit hash (Fowler-Noll-Vo).
hash::fnv1a32 "hello"
Excellent avalanche properties, widely used in hash tables.Pure Bash
FNV-1a 64-bit hash.
hash::fnv1a64 "hello"
# Output: 16-character hex string
Better for longer strings due to larger state.Pure Bash
Adler-32 checksum (used in zlib/PNG).
hash::adler32 "hello"
Fast integrity checksum, not a true hash function.Pure Bash
CRC32 checksum.
hash::crc32 "hello"
Requires: crc32, python3, or cksum
When using cksum, algorithm differs slightly from standard CRC32.
MurmurHash2 with optional seed.
hash::murmur2 "hello"
# With seed:
hash::murmur2 "hello" 42
Parameters:
  • string - Data to hash
  • seed - Optional seed value (default: 0)
Fast, good distribution. Popular in many hash table implementations.Pure Bash

Utility functions

Higher-level helpers for common hashing tasks.
Verify string matches expected hash.
expected="5eb63bbbe01eeed093cb22bb8f5acdc3"
if hash::verify "hello world" "$expected" md5; then
  echo "Hash matches!"
fi
Parameters:
  • string - Data to hash
  • expected_hash - Expected hash value
  • algorithm - Hash function name (default: sha256)
Returns: Exit code 0 if match, 1 otherwise
Map value to bucket using consistent hashing.
hash::slot 10 "[email protected]"
# Output: 7 (bucket 0-9)
Parameters:
  • n_buckets - Number of buckets (0 to n-1)
  • value - Value to hash
Useful for load balancing, sharding, cache partitioning.
Generate short hash (truncated SHA-256).
hash::short "hello world" 8
# Output: b94d27b9 (first 8 chars)

hash::short "hello world"
# Output: b94d27b9 (default: 8 chars)
Parameters:
  • string - Data to hash
  • length - Number of characters (default: 8)
Good for short identifiers where collision probability is acceptable.
Hash multiple values into single hash.
hash::combine "user" "2024-01-15" "create"
# Output: combined SHA-256 hash
Parameters: Multiple values to combineUseful for cache keys from multiple inputs:
cache_key=$(hash::combine "$user_id" "$date" "$action")
Check if two strings have the same hash.
if hash::equal "password1" "password2" sha256; then
  echo "Strings are equal"
fi
Parameters:
  • string1 - First string
  • string2 - Second string
  • algorithm - Hash function (default: sha256)
Constant-time safe via hash comparison (prevents timing attacks).
Generate UUID v5 (name-based, SHA-1).
hash::uuid5 "example.com" "[email protected]"
# Output: deterministic UUID
Parameters:
  • namespace - UUID namespace or domain string
  • name - Name to hash
Requires: python3 or uuidgenUnlike UUID v4, generates same UUID for same inputs (deterministic).

Performance comparison

Non-cryptographic (fastest to slowest)

  1. DJB2/DJB2a - Simplest, very fast
  2. SDBM - Good for database keys
  3. FNV-1a - Best distribution
  4. Adler-32 - Fast checksum
  5. MurmurHash2 - Good balance

Cryptographic (fastest to slowest)

  1. BLAKE2 - Faster than MD5, secure
  2. SHA-256 - Industry standard
  3. SHA-512 - Higher security
  4. SHA-3 - Newest standard

Use cases

Cache keys

# Generate cache key from multiple inputs
cache_file="/tmp/cache_$(hash::short $(hash::combine "$user" "$query"))"

Data integrity

# Verify file hasn't changed
expected=$(hash::sha256 "$(cat config.json)")
if hash::verify "$(cat config.json)" "$expected" sha256; then
  echo "Config unchanged"
fi

Hash table bucketing

# Distribute users across 10 shards
shard=$(hash::slot 10 "$user_email")
echo "User assigned to shard $shard"

API request signing

# Sign API request with HMAC
signature=$(hash::hmac::sha256 "$api_secret" "$request_body")
curl -H "X-Signature: $signature" "$api_url"

Build docs developers (and LLMs) love

Get started for freeTalk to us