What Is a Hash Function? Explained
A hash function maps input of any size to a fixed-size value, deterministically producing the same output for the same input every time.
A hash function is a one-way fingerprinting machine: feed it any data and it returns a short, fixed-size value that uniquely represents that data. The same input always yields the same hash, but you cannot run it backward to recover the input. Hash functions sit underneath checksums, caches, signatures, and most of the integrity machinery in CI.
What a hash function is
A hash function takes input of arbitrary size and produces a fixed-size output called a digest. It is deterministic, so identical input always maps to the same digest. A good hash spreads outputs evenly, so even a one-byte change in the input produces a wildly different digest.
Properties of cryptographic hashes
Cryptographic hash functions add guarantees: they are one-way (you cannot derive the input from the digest), collision-resistant (you cannot find two inputs with the same digest), and avalanche-prone (small input changes fully scramble the output). These properties make them safe for security uses.
Hashing versus encryption
Hashing is not encryption. Encryption is reversible with a key; hashing is deliberately one-way and keyless. You hash to fingerprint and verify, not to hide data you intend to recover. Confusing the two leads to mistakes like trying to "decrypt" a hash, which is impossible by design.
Hash functions in CI
CI uses hashes for cache keys (hash the lockfile so the cache invalidates when dependencies change), content addressing (identify artifacts and images by their hash), and integrity verification (compare a downloads hash to a known value). They make pipelines both faster and more trustworthy.
# Hash inputs to build a precise cache key
steps:
- uses: actions/cache@v4
with:
path: .cache
key: build-${{ hashFiles('**/*.lock') }}Latchkey note
Latchkey caching is content-addressed: cache entries are keyed and validated by hashing their inputs, so a cache hit means the inputs truly match - the same hash-function principle that keeps cached builds correct.
Key takeaways
- A hash function deterministically maps any input to a fixed-size digest.
- Cryptographic hashes are one-way, collision-resistant, and avalanche-prone, making them safe for security.
- CI uses hashing for cache keys, content addressing, and integrity verification.