Cryptography  History and Basics
Cryptography  Symmetric Key Algorithms
Cryptography  Asymmetric Key Algorithms
Cryptography  Hash Functions & Digital Signatures
Hash Functions  Definition
Hash functions take a potentially long message as the input and generate a unique output value from the content. The output of a hash function is commonly referred to as the message digest. Hashing is a oneway function and with a properly designed algorithm, there is no way to reverse the hashing process to reveal the original input.
Compare this to encryption (twoway function) which allows encryption and decryption with the proper key or keypair.
Another use case of hash functions is in data structures like hash tables or bloom filters. The goal here is not security but rapid data lookup.
In my posting about password hashing, we had the requirement that the same input provides different outputs (nondeterministic). This is achieved by a random salt and prevents attacks against lowentropy secrets like passwords.
Hash functions in the context of digital signatures are supposed to produce the same output for the same input (deterministic). This enables the recipient of a message to recompute the message digest with the same hash function and compare it to the transmitted digest to verify that the message wasn’t modified in transit. If the message has even a minor difference in spacing, punctuation, or content, the message digest will be completely different.
It is not possible to derive the degree of difference between two messages by comparing the digest. The slightest difference in the input will produce a totally different digest value.
There are five requirements for a cryptographic hash function:

The input can be of any length.

The output has a fixed length.

The hash function is relatively easy to compute for any input.

The hash function is oneway (this means it is extremely hard if not impossible to determine the input from the output).

The hash function is collision free (there can’t be two different messages producing the same hash value).
SHA  Secure Hash Algorithm
The secure hash algorithm SHA and its successors, SHA1, SHA2, SHA3, are government standard hash functions promoted by the National Institute of Standards and Technology (NIST).
SHA1 takes an input of virtually any length and produces a 160bit message. It processes a message in 512bit blocks. If a message length isn’t a multiple of 512bit, the SHA algorithm pads the message with data until the length reaches the next highest multiple of 512bit.
SHA1 is no longer considered secure against wellfunded adversaries. All major web browser manufactures sopped accepting SHA1 SSL certificates in 2017. Google even demonstrated a collision in SHA1.
SHA2 was published in 2001 as a reaction to the weaknesses in SHA1. It includes significant changes from its predecessor and has four major variants:

SHA256 produces a 256bit message digest using a 512bit block size.

SHA224 uses a truncated version of the SHA256 hash and produces a 224bit digest using a 512bit block size.

SHA512 produces a 512bit message digest using a 1,024bit block size.

SHA384 uses a truncated version of the SHA512 hash and produces a 384bit digest using a 1,024bit block size.
The cryptographic community generally considers SHA2 algorithms as secure, but it theoretically suffers from the same weakness as the SHA1 algorithm.
SHA3 was published in 2015, while part of the same series of standards, SHA3 is internally different from the MD5 like structure of SHA1 and SHA2. SHA3 is a subset of the broader cryptographic primitive family Keccak. It was developed as a dropin replacement of SHA2, offering the same variants (SHA3256/SHA3224/SHA3512/SHA3384) and hash lengths but using a more secure algorithm.
MD2  Message Digest
The MD2 MessageDigest Algorithm was developed by Ronald Rivest (yes, the one from Rivest, Shamir, and Adleman aka RSA Security) in 1989 to provide a secure hash function for 8bit processors.
MD2 pads the message to a length of a multiple of 16bit and computes a 16byte(!) checksum which is appended to the end of the input message. Then a 128bit message digest is generated by using the original message along with the appended checksum.
Cryptanalytic attacks against the MD2 algorithm exist and it was even proven that MD2 is not a oneway function. Therefore, it should no longer be used.
MD4 is an enhancement of MD2, was released in 1990 and supports 32bit processors. It increases the security level with an enhanced algorithm.
MD4 pads the message to a length of 64bit smaller than a multiple of 512bits. The MD4 algorithm then processes 512bit blocks of the message in thee rounds of computation to produce a 128bit message digest.
An 8bit message would be padded with 440 additional bits of data to make it 448bits, which is 64bit smaller than a 512bit message.
Several flaws have been found in the MD4 algorithm and therefore it is no longer considered secure. Usage should be avoided if possible.
MD5 was released in 1991 as the next version of the message digest algorithm. It also processes 512bit blocks of the message but uses four rounds of computation to produce the same 128bit message digest length as in MD2 and MD4.
MD5 has the same padding requirements as MD4, the message length must be 64bit less than a multiple of 512bit. MD5 introduced additional security features that reduced the speed of message digest production.
Recent cryptanalytic attacks demonstrated that MD5 is subject to collisions. In 2005 it was demonstrated that two digital certificates from different public keys have the same MD5 hash.
All algorithms in the MD family are no longer accepted as suitable hashing functions. However, they may still be found in use today.
Digital Signatures
With a secure hash function, we can now implement a digital signature system. A digital signature infrastructure has two goals:

Digitally signed messages assure the recipient that the message came from the claimed sender. This provides nonrepudiation.

Digitally signed messages provide the recipient with the assurance that the message was not altered while in transit. This provides protection against malicious (man in the middle) or unintentional (communication interference) modification.
Digital signatures rely on the combination of two concepts, publickey cryptography, and hash functions.
Alice is sending a digitally signed but not encrypted message to Bob:
1: Alice generates a message digest of the original plaintext message using a secure hash function like SHA3512.
2: Alice then encrypts the message digest using her private key. The output is the digital signature.
3: Alice appends the digital signature to the plaintext message.
4: Alice then sends the appended message to Bob
5: Bob removes the digital signature from the appended message and decrypts it with the public key of Alice.
6: Bob calculates the hash of the plaintext message with SHA3512.
7: Bob then compares the decrypted message digest he received from Alice with the message digest Bob computed. If the two digests match, he can be assured that the message he received was sent by Alice.
The digital signature process does not provide any privacy by itself. It only ensures that the cryptographic goals of authentication, integrity, and nonrepudiation are met. If Alice wants to ensure the privacy of her message to Bob, she could encrypt the appended message generated in step 3 with the public key of Bob. Bob then would need to first decrypt the encrypted message with his private key before continuing with step 5.
Digital signatures are used not only for messages but software vendors are often using digital signature technology to authenticate code distribution over insecure networks like the internet. Checksums do not require any encryption key, they are simple digests of fingerprints to represent some kind of data.
HMAC  Hashed Message Authentication
The hashed message authentication code (HMAC) algorithm implements a partial digital signature and guarantees the integrity of a message but it does not provide nonrepudiation.
HMAC relies on the combination of two concepts, privatekey cryptography and hash functions.
HMAC can be combined with any secure hash function such as SHA3. The resulting message authentication code (MAC) is called HMACSHA3. HMAC combines a secret key with a hash function and represents a halfway point between unencrypted use of a message digest algorithm and computationally expensive digital signature algorithms based on publickey cryptography.
HMAC does not encrypt the message. Instead, the message (encrypted or not) must be sent alongside the HMAC hash. Parties with the secret key will hash the message again themselves, and the received and computed hashes will match if it is authentic.
DSS  Digital Signature Standard
This standard specifies that all federally approved digital signature algorithms must use the SHA3 hashing function. DSS also specifies the encryption algorithms that can be used to support digital signature infrastructure. Currently approved in version 1864 are:

DSA  Digital Signature Algorithm

RSA  RivestShamirAdleman Algorithm

ECDSA  Elliptic Curve DSA
Key Confusion
PublicKey Cryptography and Digital Signatures can be confusing. Encryption, Decryption, Digtital Signatures, and Signature verification all use the same algorithms with different key inputs. Here are a few simple rules:

You encrypt a message with the recipients public key.

You decrypt a message with your own private key.

You digitally sign a message with your own private key.

You verify the signature of a message with the senders public key.