Start of change

HASH_MD5, HASH_SHA1, HASH_SHA256, and HASH_SHA512

The hashing functions return a 128-bit, 160-bit, 256-bit, or 512-bit hash of the input data, depending on the algorithm selected.

Read syntax diagramSkip visual syntax diagram HASH_MD5HASH_SHA1HASH_SHA256HASH_SHA512 ( expression )
expression
An expression that represents the string value to be hashed. This expression can return any built-in or distinct data type. A distinct type is treated as its source data type. If the value is numeric or datetime, it is implicitly cast to VARCHAR before the function is evaluated. If the value is XML, an implicit XMLSERIALIZE to CLOB(2G) CCSID 1208 is performed before the function is evaluated.
Table 1 shows information about each supported algorithm.
Table 1. Hash algorithms
Function name Algorithm Result size Number of return values Result length Corresponding algorithm value for use in the HASH function
HASH_MD5 MD5 128 bit 2128 16 0
HASH_SHA1 SHA1 160 bit 2160 20 1
HASH_SHA256 SHA-256 256 bit 2256 32 2
HASH_SHA512 SHA-512 512 bit 2512 64 3

The data type of the result is BINARY with the result length determined by the function name as shown in Table 1.

If the argument can be null, the result can be null. If the argument is null, the result is the null value.

Notes

Whitespace affects the hash; a fixed length character string with trailing blanks will generate a different result than a varying length character string that has no trailing blanks. The CCSID of expression can cause strings that compare as equal to generate different result values.

Security flaws have been identified in both the SHA1 and MD5 algorithms. You can find acceptable hash algorithms in applicable compliance documentation, such as National Institute of Standards and Technology (NIST) Special Publication 800-131A.

Syntax alternative: The HASH function with a single argument is similar to HASH_MD5. A second argument can be specified for HASH to indicate the algorithm to use. The algorithm values are shown in Table 1. The second argument can be an expression that must return a value of any built-in numeric, character-string, or graphic-string data type. A string argument is converted to integer before evaluating the function. The result data type for HASH is VARBINARY. If there is only one argument, the length attribute of the result is 16. If the second argument is specified by an integer constant, the length attribute of the result is the result length shown in Table 1. Otherwise, the length attribute of the result is 64. If either argument can be null, the result can be null. If either argument is null, the result is the null value.

Examples

  • Use the MD5 algorithm to generate hashed data.
      VALUES HEX(HASH_MD5('ABCDEFGHIJKLMNOPQRSTUVWXYZ'))
    The following value is returned:
    5156BECBC019E3F0F9520B143435427E
  • Use the SHA1 algorithm to generate hashed data.
      VALUES HEX(HASH_SHA1('ABCDEFGHIJKLMNOPQRSTUVWXYZ'))
    The following value is returned:
    55324E3DD1FA95040F65709D193E82575237EF86
  • Use the SHA-256 algorithm to generate hashed data.
      VALUES HEX(HASH_SHA256('ABCDEFGHIJKLMNOPQRSTUVWXYZ'))
    The following value is returned:
    011F7AD1ECD8E5A4CC8533D1ECD497DC5D95E848B14F8BCFD56A73D7F41843E2
  • Use the SHA-512 algorithm to generate hashed data.
      VALUES HEX(HASH_SHA512('ABCDEFGHIJKLMNOPQRSTUVWXYZ'))
    The following value is returned:
    D8AC4B838921A83C4207B62B8B63628F8FBE836EB012167310331FFC070FC977D224F39148
  8806CB1FE2AA9C8C739E5104CAD1C4C6E97967DA6223D657CD9295
End of change