Lesson 4
Common Hash Mistakes
Guide to common hash mistakes: avoid typical hash misuse in applications and debugging.
Hash-related bugs often come from comparing the right idea with the wrong bytes or algorithm.
Storing passwords with plain MD5 or SHA-256
Fast hashes without salt and key stretching are vulnerable to rainbow tables and offline guessing. Password storage needs dedicated password hashing functions and unique salts per user.
Hashing the wrong representation
These are not the same operation:
- UTF-8 text Hello
- The ASCII bytes after trimming whitespace
- A JSON string with different key order
- A file that includes a trailing newline
Always hash the exact byte sequence your system uses.
Treating a hash as a secret
If an attacker knows the input space is small—common passwords, sequential IDs, short config keys—they can brute-force the hash offline. Hashes protect integrity comparisons, not confidentiality of predictable inputs.
Comparing algorithms incorrectly
An MD5 digest will never match a SHA-256 digest of the same input because the algorithms differ. Likewise, uppercase and lowercase hex are usually equivalent, but Base64 and hex representations are not interchangeable without conversion.
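The two sections above ("Hashing the wrong representation" and "Comparing algorithms incorrectly") can be seen in one short check. This is an added example, not part of the original lesson; the helper names canonical_json, decode_digest and digest_matches are hypothetical, and the constant-time comparison is an addition beyond what the text describes.

```python
import base64
import binascii
import hashlib
import hmac
import json


def canonical_json(obj) -> bytes:
    """Fixed key order and separators, so equal objects give equal bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def decode_digest(text: str, algorithm: str) -> bytes:
    """Decode a hex or Base64 digest string to raw bytes for `algorithm`."""
    size = hashlib.new(algorithm).digest_size
    text = text.strip()
    candidates = []
    try:
        candidates.append(bytes.fromhex(text))  # upper- and lowercase hex both decode
    except ValueError:
        pass
    try:
        candidates.append(base64.b64decode(text, validate=True))
    except (binascii.Error, ValueError):
        pass
    # A 64-char SHA-256 hex string is also valid Base64 (48 bytes), so the
    # expected digest length decides which decoding is the right one.
    for raw in candidates:
        if len(raw) == size:
            return raw
    raise ValueError(f"not a {algorithm} digest in hex or Base64")


def digest_matches(data: bytes, expected: str, algorithm: str = "sha256") -> bool:
    """Hash the exact bytes given and compare raw digests in constant time."""
    actual = hashlib.new(algorithm, data).digest()
    return hmac.compare_digest(actual, decode_digest(expected, algorithm))


if __name__ == "__main__":
    ref = hashlib.sha256(b"Hello").hexdigest()  # constructed reference digest
    for label, data in [("exact", b"Hello"), ("newline", b"Hello\n"),
                        ("trimmed", b" Hello ".strip())]:
        print(label, digest_matches(data, ref.upper()))
```

A digest of the wrong length for the named algorithm raises ValueError instead of returning False, so an MD5-versus-SHA-256 mix-up shows up as a configuration error and not as a silent mismatch.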
Using weak hashes for security decisions
MD5 checksums are fine for spotting accidental file corruption. They are a poor choice for code signing, certificate validation, or tamper evidence against an active attacker.