Summary

Hashing algorithms map input to fixed-size outputs. Choose the algorithm based on whether you need speed, security, password storage, or distribution.

Interview Points

  • Non-cryptographic hashes: fast for hash tables, checksums, partitioning.
  • Cryptographic hashes: SHA-256/SHA-3 for integrity and tamper detection.
  • Password hashing: bcrypt, scrypt, Argon2 because they are intentionally slow and salted.
  • Consistent hashing: distributes keys across nodes with limited movement on membership changes.
  • Do not use MD5 or SHA-1 for security-sensitive integrity.

2-3 Minute Interview Script

“Hashing is not one thing; the right algorithm depends on the goal. For in-memory maps or partitioning, I want a fast non-cryptographic hash with good distribution. For security integrity, I want a cryptographic hash like SHA-256. For passwords, I do not want a fast hash at all; I want bcrypt, scrypt, or Argon2 with salts because the goal is to resist brute force.

In distributed systems, hashing also appears in partitioning and load distribution. Consistent hashing is useful when nodes are added or removed because it minimizes key movement compared with a naive modulo scheme.

The common interview trap is saying hashing is encryption. It is not reversible. It is used for lookup, integrity, identity, or distribution depending on context.

My answer would always start by asking: are we optimizing for speed, security, password safety, or stable distribution?”

Follow-Ups

  • Why are fast hashes bad for passwords?
  • What problem does consistent hashing solve?