Sometimes we need to use hashing algorithms in Ruby and/or Rails. Examples include verifying file integrity, hashing passwords, and much more. In this brief article we will show you how to hash data with several hashing algorithms. Let's get started.

Notes About Hashing

Before we get to the hashing, a quick word about brute forcing a hash. Brute forcing a hash means attempting to guess the hashed data by calculating the hash of millions of candidate strings until one of them produces the same hash. The weaker a hashing algorithm is, the easier it is to brute force the hash and recover the original data. For example, a modern multi-GPU machine can brute force billions of MD5 hashes per second.

Also, while we do mention passwords below, it's better to leave password hashing to bcrypt when possible. Hashing passwords incorrectly (for example, without a salt) can make them easy to brute force even when using a complex algorithm. It's not always possible to use bcrypt, however (for example, when dealing with an existing database), so in those scenarios regular hashing comes in handy.

Calculating an MD5 Hash

The venerable MD5 algorithm is an older and simpler hashing algorithm. Please note that MD5 is considered insecure because it can be brute forced relatively quickly, so you should use this algorithm with extreme care. To use MD5, use the following code.

require 'digest' # loads the Digest classes used throughout this article
hash = Digest::MD5.hexdigest("this is a test") # => "54b0c58c7ce9f2a8b551351102ee0938"

Calculating a SHA-1 Hash

SHA-1 hashes are much more secure than MD5. SHA-1 can be used for passwords and file hashing, but it's recommended that you move to SHA-2 (SHA256, SHA384, and SHA512) as soon as you can, as they are even more secure. SHA-1 is also an excellent choice for maintaining file integrity.

hash = Digest::SHA1.hexdigest("this is a test") # => "fa26be19de6bff93f70bc2308434e4a440bbad02"

Calculating a SHA-2 hash: SHA256, SHA384, and SHA512

SHA-2 includes a number of different digest lengths, with SHA-512 in theory being the most secure. Calculating these hashes is just as easy.

hash = Digest::SHA256.hexdigest("this is a test") # => "2e99758548972a8e8822ad47fa1017ff72f06f3ff6a016851f45c398732bc50c"

hash = Digest::SHA384.hexdigest("this is a test") # => "43382a8cc650904675c9d62d785786e368f3a99db99aeaaa7b76b02530677154d09c0b6bd2e21b4329fd41543b9a785b"

hash = Digest::SHA512.hexdigest("this is a test") # => "7d0a8468ed220400c0b8e6f335baa7e070ce880a37e2ac5995b9a97b809026de626da636ac7365249bb974c719edf543b52ed286646f437dc7f810cc2068375c"
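
To illustrate the earlier note about salts, here is an added example (not code from the original article) that puts an unsalted SHA-256 digest beside a salted, iterated hash for cases where bcrypt is not available. It swaps in PBKDF2-HMAC-SHA256 from Ruby's standard openssl library, which the article does not mention; the function names, record format, iteration count, and sample passwords are assumptions made for the example.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

ITERATIONS = 200_000 # assumed work factor for this example; tune for your hardware
KEY_LENGTH = 32      # bytes of derived output

# Weak form: an unsalted digest. Equal passwords always produce equal hashes.
def unsalted_hash(password)
  Digest::SHA256.hexdigest(password)
end

# Hardened form: random per-user salt plus an iterated hash (PBKDF2-HMAC-SHA256).
# Hypothetical record format: "iterations$salt_hex$hash_hex".
def salted_hash(password, salt: SecureRandom.bytes(16), iterations: ITERATIONS)
  derived = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                     length: KEY_LENGTH, hash: 'sha256')
  [iterations, salt.unpack1('H*'), derived.unpack1('H*')].join('$')
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Recompute the hash with the stored salt and iteration count, then compare.
def verify_password(password, stored)
  iterations, salt_hex, hash_hex = stored.to_s.split('$')
  return false unless hash_hex && iterations.to_i > 0
  candidate = salted_hash(password, salt: [salt_hex].pack('H*'), iterations: iterations.to_i)
  secure_equal?(candidate, stored)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: two users who chose the same password.
  alice = salted_hash('correct horse')
  bob   = salted_hash('correct horse')
  puts unsalted_hash('correct horse') == unsalted_hash('correct horse') # same digest
  puts alice == bob                            # salts differ, so records differ
  puts verify_password('correct horse', alice) # correct password verifies
  puts verify_password('wrong guess', alice)   # wrong password is rejected
end
```

Because each record carries its own salt and iteration count, an attacker has to brute force every record separately, and the work factor can be raised later without breaking existing records.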

That's it! Thanks for reading!