SHA stands for Secure Hash Standard. It is a one way cryptographic algorithm. You can input any data to the function and it will output a “unique” hash number representing that data and there is theoretically no way of reversing the algorithm to get the data from this hash. SHA-1 was the first of these standards and produces a hash of 160 bits. But this was not enough after some time and SHA-2 came around and could produce several different outputs for future proofing, among other 256 bit and 512 bit output. But even this turned out to be too little so SHA-3 came along with an arbitrary length output. To distinguish between these different variants of the same algorithm we tend to call SHA-2 for SHA-256 or SHA-512 depending on the variant used and SHA-3 is called SHA3-256, SHA3-512 or say SHA-1024.

It’s a cryptographic hash function, it basically assigns a unique but seemingly random number to anything you give the function

so for example you can take the sha 256 of a program and if someone has the same number it means they have the same program without sending everything

SHA 1 the secure hash algorithm version 1, generated a 160 bit number, however it’s pretty old and people have figured out that it is possible to trick it and forge a file that has the same sha1 as another file, which means it’s not as secure

SHA 256 generates a 256 bit number and it’s considered very secure and basically impossible to tamper with

To simplify this further.
It’s basically math that looks at the program, runs it through a very complex equation and then spits out the answer. If the program is the same down the hexadecimal(parts that computers read, not quite binary but close), then it will have the same answer. The answer is what you use to compare to a known value to make sure the program is the same and has not been tampered with.

Like a finger print sort of.

A huge over simplification would be instead of sending a full phone number, you could ask “Hey, if you multiply the numbers of the phone number together do then divide them by your secret number do you get 3082877913?”
If yes, then it’s probably the same number.
But with computers, the numbers are huge and the math is very very complex.

It’s a one way algorithm meaning you *shouldn’t* be able to use the output numbers, to tell anything about the program or the algorithm. Meaning that the input, should not predictably change the output numbers. Though SHA-1 has been cracked for years.
For example, “X+2=Y”, and then Y=4 you can tell that X is 2. If you add 1 to X, then the output would change to 5.
Ideally, you would have no idea how to make to predictably change Y, because if you can predictably change the output, you can theoretically replace any program or picture, verified with SHA with another.

SHA-1 as said before, is relatively simple. Spits out 20(If I remember correctly) numbers. Broken a long while ago.

SHA-256 spits out 64 and has a much larger algorithm. Still secure as far as I know.

It’s a hash. Think about the number:

1098710329581263501982375122304965872340698273464326323509283752039857230958725

Now is that the exact right number we want? How do we check? Well we could send you the exact same number, or we could sum up all the digits together and just send that. If I send you this special number, and tell you the JustAddTheDigitsTogetherHash for my special number is 9. Then you can tell if I sent you the right number. But with this terribly simple hash, any number has a 1 out of 10 chance of yeilding 9. SHA1 was the first in it’s line. The second included SHA256 which uses 256 bits.

You can run a hash on just about anything and get a number out that lets you identify it later. Using hashes on viruses let’s us know when a program is a among a list of known viruses with known hashes. (offer not available for polymorphic code).

Secure Hashing Algorithm. Essentially a complicated one-way math function, which takes an arbitrarily-sized input (in this case, an entire file on a computer) and creates a specific random-looking output. Importantly, it’s not *truly* random, if you give it the same input, you’ll get the same output every time, but you change anything at all and the output changes completely.

The reason you do this for something like a virus check is so you can know that a piece of software hasn’t been changed; if anything is changed about it, you’d get a different hash from what you expect.

SHA-1 and SHA-2 were older standards, SHA-256 is the current standard, which ought to hold up a heck of a lot longer even with more and more powerful computers. With SHA-1 and 2, it’s possible to deliberately change a file in such a way that you get the same output from the altered version as the original, meaning you can insert malware and still have the same hash.

It’s a hash, which is a unique string that can only be associated to a specific file. To determine if a file really is the exact same file from a trusted source and not something malicious pretending to be one, you can check the hash using a program or yourself.

The Secure Hash Algorithm (SHA) is a family of hashes. SHA-1 and SHA-256 are different hash types and would give different hashes for the same file.

I might be wrong.

When you download things, you want to know for certain that what you’re downloading really is what you expect it to be.

It’s possible that when you download something from a website, as the data streams through the Internet pipes from that website to your computer, someone malicious could intercept your download, tamper with it, and send you something else. Or, perhaps the sender was hacked and the hacker modified their website to send you a malicious file instead of the one you actually wanted. And if that was the end of it, you’d have no way to know that either of these have happened.

There’s a kind of program you can use where you dump raw data into it, and it will crunch up and scramble that data and spit out… some random-looking garbage. It has a name, but for now I’ll just call it the “data shredder”. There are two interesting things about these kinds programs that are relevant: 1) when you feed the same data into the data shredder over and over, the same exact garbage will come out every single time, and 2) changing the input data even just a *little* will *completely* change the output garbage, in a way that can’t be easily predicted ahead of time.

We can use the data shredder program to our advantage here. Say the website you’re downloading from takes that download and runs it through the data shredder. They take the garbage and post it on their website for all to see. Then, you visit the website and download the program. Once it’s downloaded, you can run the stuff you got through the same data shredder program on your own computer. If the garbage that comes out matches the garbage on the website, you can be reasonably confident that your downloaded data wasn’t tampered with. If it was, even just a little bit, the garbage would be completely different. You’d definitely be able to tell.

The proper name for these garbage shredder programs (or at least, the inner parts that make them work) is a “hashing algorithm”, and the garbage they kick out is called a “hash”. There are many different kinds of hashing algorithms tailored to different kinds of needs. SHA1 and SHA256 are just two of the many kinds. SHA1 is the weaker of the two–a very smart person with very powerful tech and a very careful plan could defeat it–but it takes less computational power to run, which weaker devices might appreciate (this isn’t really a relevant problem for recent tech you’d probably be using). SHA256 is bigger, beefier, and stronger, but it’s slightly harder to run. Your example website gives people the choice of which one they want to use. The less secure faster one is there if you aren’t too concerned or need the efficiency, and the more secure slower one is there if you want to be extra sure.