Message Digests
a.k.a. hashes
What is a Hash?
A hash is a string or number generated from a string of text. The resulting string or number has a
fixed length and varies widely with small variations in the input. The best hashing algorithms are
designed so that it is computationally infeasible to turn a hash back into its original string.
What are hashes used for?
Hashing is an ideal way to store passwords, as hashes are inherently one-way. When passwords are
stored in hashed form, it is very difficult for someone with access to the raw data to
reverse them (assuming a strong hashing algorithm and an appropriate salt have been used to generate
them).
Hashing is also useful in any instance where you want to compare a value with a stored
value, for example integrity checking of software and downloads.
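The salted password storage described above, as an added example that is not part of the original slides. It contrasts an unsalted SHA-256 hash with a per-record random salt; PBKDF2-HMAC-SHA256 from Python's standard library stands in for the "strong hashing algorithm", and the iteration count and sample password are assumptions made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # work factor assumed for this example; tune for your hardware


def unsalted_sha256(password: str) -> str:
    """Weak scheme: identical passwords always produce identical hashes,
    which is what makes precomputed (rainbow) tables effective."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key). A fresh 16-byte random salt is generated
    for each new record; the salt is stored next to the hash."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    alice = hash_password(pw)
    bob = hash_password(pw)
    print("unsalted hashes equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    print("salted hashes equal:  ", alice[1] == bob[1])
    print("correct password:     ", verify_password(pw, *alice))
    print("wrong password:       ", verify_password("wrong guess", *alice))
```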
Popular Hashing Algorithms
MD5 - MD5 is the most widely known hashing function. It produces a 16-byte hash value,
usually expressed as a 32-digit hexadecimal number. Recently a few vulnerabilities have been
discovered in MD5, and rainbow tables have been published which allow people to reverse MD5
hashes made without good salts.
SHA - There are three different SHA algorithms -- SHA-0, SHA-1, and SHA-2. SHA-0 is very rarely
used, as it contained an error which was fixed in SHA-1. SHA-1 is the most commonly used
SHA algorithm, and produces a 20-byte hash value.
SHA-2 consists of a set of 6 hashing algorithms, and is considered the strongest. SHA-256 or
above is recommended for situations where security is vital. SHA-256 produces 32-byte hash
values.
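An added example, not from the original slides, that checks the digest sizes quoted above (16, 20 and 32 bytes) for inputs of any length and measures how many output bits change when one input character changes. The sample messages are constructed for illustration.

```python
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256")


def digest_sizes(message: bytes) -> dict:
    """Digest length in bytes for each algorithm; independent of input length."""
    return {name: len(hashlib.new(name, message).digest()) for name in ALGORITHMS}


def differing_bits(a: bytes, b: bytes, algorithm: str = "sha256") -> int:
    """Count the output bits that differ between the hashes of two inputs."""
    da = hashlib.new(algorithm, a).digest()
    db = hashlib.new(algorithm, b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


if __name__ == "__main__":
    short_msg = b"hash"              # constructed sample input
    long_msg = b"hash" * 250_000     # one million bytes, same digest sizes
    print(digest_sizes(short_msg))
    print(digest_sizes(long_msg))
    # One changed character flips roughly half of the 256 output bits.
    print(differing_bits(b"hash", b"Hash"), "of 256 bits differ")
    print(len(hashlib.md5(short_msg).hexdigest()), "hex digits for MD5")
```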
What is a Digital Signature?
A digital signature is a mathematical technique used to validate the authenticity and integrity of
a message, software or digital document.
The digital equivalent of a handwritten signature or stamped seal, but offering far more
inherent security, a digital signature is intended to solve the problem of tampering and
impersonation in digital communications. Digital signatures can provide the added assurances of
evidence of origin, identity and status of an electronic document, transaction or message, as
well as acknowledging informed consent by the signer.
How a Digital Signature Works
A hash is created of the communication.
Using PKI, the sender encrypts the hash with their private key.
The receiver decrypts the hash using the sender's public key.
The email client then compares the decrypted signature hash with a hash of the data received. If they
match, the signature is verified; otherwise there is a problem.
