A cryptographic hash function is a one-way algorithm that takes any input and produces a fixed-size output (a hash or digest) that's practically impossible to reverse, used to verify data integrity rather than to hide and recover information like encryption does.
A cryptographic hash function takes data of any size and crunches it into a fixed-length string of bits called a hash or digest. Feed it a one-word file or a 4GB movie, and you still get an output of the same length (SHA-256 always spits out 256 bits). The key trait is that it's one-way. You can compute the hash from the input, but you can't run the process backward to get the original data out of the hash.
This is what separates hashing from encryption. Encryption (Topic 5.3) is built to be reversed. You encrypt plaintext into ciphertext with a key, then decrypt it back later. Hashing has no key and no "undo" button. It exists to prove that data hasn't changed. Change even one bit of the input and the hash comes out completely different, so comparing two hashes is a fast way to check whether two files are identical. Common cryptographic hash functions you'll see named are MD5, SHA-1, and SHA-256, with SHA-256 being the secure modern choice.
This term lives in Unit 5: Securing Applications and Data, alongside Topic 5.3 (Protecting Stored Data with Cryptography). That topic centers on AP Cybersecurity 5.3.A (how encryption protects files) and 5.3.B (applying symmetric algorithms like AES). Hashing is the natural counterpart to those objectives. Encryption keeps data secret. Hashing keeps data honest. Knowing the difference is exactly the kind of distinction the CED expects you to draw when reasoning about how to protect stored data. The big theme is the CIA triad: encryption serves confidentiality, while hashing serves integrity.
Keep studying AP Cybersecurity Unit 5
Visual cheatsheet
view galleryEncryption and Decryption (Unit 5)
Encryption is two-way (you encrypt, then decrypt back with a key), but a hash function is one-way with no key and no way back. Pairing them in your head is the fastest way to remember what each one is actually for.
Collision Resistance (Unit 5)
A hash function is only 'cryptographic' if it's collision resistant, meaning it's practically impossible to find two different inputs that produce the same hash. When collisions become easy to find, the function is broken, which is exactly why MD5 and SHA-1 were retired in favor of SHA-256.
Checksum (Unit 5)
A checksum is the simple cousin of a cryptographic hash. Both detect accidental changes to data, but a checksum can be deliberately faked, while a cryptographic hash is designed to resist tampering.
AES (Unit 5)
AES is the symmetric encryption algorithm the CED highlights in 5.3.B, and it's the perfect foil for hashing. AES locks data so the right key can unlock it later, while a hash fingerprints data so you can verify it was never altered.
Multiple-choice stems in Unit 5 push you to pick the right cryptographic tool for a goal. Practice questions in this topic ask things like which symmetric algorithm encrypts employee files (AES) or where AES protects data in the real world. Hash functions show up the same way: you'll need to recognize that when the goal is verifying a file hasn't changed (integrity) rather than keeping it secret (confidentiality), the answer is a hash, not encryption. Watch for the trap of picking 'encryption' when the scenario is really about checking that data is unmodified.
Encryption is reversible: you scramble plaintext into ciphertext with a key, then decrypt it back to read it. A hash function is one-way with no key, so you can never recover the original input from the hash. Use encryption to hide data you'll need to read later, and hashing to verify data hasn't been tampered with.
A cryptographic hash function is one-way: you can compute the hash from the input, but you can't reverse the hash to recover the original data.
Hashing produces a fixed-size output (a digest) no matter how big the input is, and changing even one bit of input changes the whole hash.
The point of hashing is integrity (proving data hasn't changed), while the point of encryption is confidentiality (keeping data secret).
A hash function counts as cryptographic only if it's collision resistant, meaning two different inputs basically never produce the same hash.
MD5 and SHA-1 are considered broken; SHA-256 is the secure modern hash function to know.
It's a one-way algorithm that turns any input into a fixed-size output called a hash or digest. You use it to verify that data hasn't changed, not to hide and later recover data the way encryption does.
No. Encryption is reversible with a key so you can decrypt the data back, but hashing is one-way with no key and no way to get the original input back. Encryption protects confidentiality; hashing protects integrity.
Both detect changes to data, but a checksum only catches accidental errors and can be deliberately faked. A cryptographic hash is built to resist tampering, so an attacker can't easily forge a matching hash for altered data.
Because attackers found ways to create collisions, meaning two different inputs that produce the same hash. Once collisions are practical, the function loses its integrity guarantee, which is why SHA-256 is recommended instead.
No, because hashing isn't encryption and there's nothing to decrypt. A hash function is one-way by design, so the original input can't be recovered from the hash.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.