A cryptographic hash function takes an input message of any length and produces a fixed-length output, called a message digest or hash, in a way that is designed to be hard to reverse or forge. NIST standardizes such functions in the Secure Hash Standard, FIPS 180-4, which specifies the SHA-1 and SHA-2 family, and in FIPS 202, which specifies SHA-3.
What distinguishes a cryptographic hash from an ordinary (non-cryptographic) hash is a set of security properties. Preimage resistance means that given a digest, it is infeasible to find any input that produces it. Second-preimage resistance means that given one input, it is infeasible to find a different input with the same digest. Collision resistance means it is infeasible to find any two distinct inputs that hash to the same value.
These properties let a digest act as a reliable fingerprint of data. Because even a tiny change to the input produces a completely different digest, hashes are used to verify file and message integrity, to store passwords without keeping the original secret, and to bind data inside digital signatures.
Cryptographic hashes also underpin newer systems such as blockchains, where each block references the hash of the previous one to make tampering detectable. When a hash function’s collision resistance is broken in practice, as happened with older designs, it must be retired from security uses even if it remains adequate as a plain checksum.