Developer Glossary

MD5

MD5 (Message-Digest Algorithm 5) is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, typically expressed as a 32-character hexadecimal number. Designed by Ronald Rivest in 1991, MD5 was commonly used for checksums and file integrity verification. However, MD5 is now considered cryptographically broken—collision attacks have been demonstrated, meaning two different inputs can produce the same hash. Do not use MD5 for passwords or security-sensitive applications. It remains useful for non-security purposes such as checksums and cache keys.

SHA-1

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that produces a 160-bit (20-byte) hash value, typically displayed as 40 hexadecimal characters. Published by the National Security Agency (NSA) in 1995, SHA-1 was widely used for digital signatures and certificates. In 2017, researchers demonstrated a practical collision attack, and major browsers now deprecate SHA-1 for TLS certificates. While still used in some legacy systems, SHA-256 or SHA-3 are recommended for new applications requiring cryptographic security.

SHA-256

SHA-256 is a member of the SHA-2 family of cryptographic hash functions. It produces a 256-bit (32-byte) hash value, shown as 64 hexadecimal characters. SHA-256 is widely used for digital signatures, blockchain (including Bitcoin), password hashing (when combined with proper techniques), and certificate verification. It is considered secure against known attacks and is the current standard for many security applications. SHA-256 is part of the same design family as SHA-512 but with a shorter output.

SHA-512

SHA-512 is a member of the SHA-2 family that produces a 512-bit (64-byte) hash value, displayed as 128 hexadecimal characters. It uses 64-bit operations and is faster than SHA-256 on 64-bit systems. SHA-512 offers the same security properties as SHA-256 but with a longer output, providing a larger security margin. Common uses include digital signatures, key derivation (e.g., HMAC), and secure password hashing when combined with algorithms like bcrypt or Argon2.

SHA-3

SHA-3 is a cryptographic hash standard based on the Keccak algorithm, designed by Guido Bertoni, Joan Daemen, and others. Published in 2015, SHA-3 is structurally different from SHA-2 (no Merkle–Damgård construction). It provides the same security levels as SHA-2 (e.g., SHA3-256, SHA3-512) with an alternative design that offers resilience against potential future attacks on SHA-2. SHA-3 is increasingly adopted for new systems requiring long-term cryptographic assurance.

Base64

Base64 is a binary-to-text encoding scheme that converts binary data into ASCII text using 64 printable characters (A–Z, a–z, 0–9, +, /). Each group of 3 bytes (24 bits) is encoded as 4 Base64 characters. Base64 is commonly used to embed images, files, or binary data in JSON, XML, HTML, and email (MIME). It increases data size by roughly 33%. Padding characters (=) are used when input length is not a multiple of 3. Base64 is not encryption—encoded data can be decoded by anyone.

AES

AES (Advanced Encryption Standard) is a symmetric block cipher adopted as a U.S. federal standard in 2001. It supports key sizes of 128, 192, and 256 bits and operates on 128-bit blocks. AES is based on the Rijndael algorithm and is used worldwide for encrypting sensitive data—from TLS and disk encryption to file and message encryption. AES is considered secure against all known practical attacks when used with proper key management and modes of operation (e.g., AES-GCM, AES-CBC with IV).

JWT

JWT (JSON Web Token) is a compact, URL-safe format for representing claims between two parties. A JWT has three parts separated by dots: header (algorithm and type), payload (claims such as user ID, roles, expiry), and signature (for verification). JWTs are commonly used for authentication and authorization—after login, the server issues a JWT that the client sends with subsequent requests. JWTs can be signed (HMAC or RSA) or encrypted (JWE). Never put sensitive data in unencrypted JWTs.

JSON-LD

JSON-LD (JavaScript Object Notation for Linked Data) is a format for embedding structured data in web pages. It uses a @context to link to Schema.org or other vocabularies, enabling search engines to understand content—organization, products, articles, local business, etc. JSON-LD is placed in a script tag with type="application/ld+json". Google, Bing, and others use it for rich snippets and knowledge panels. Unlike microdata or RDFa, JSON-LD is easy to add and doesn't require HTML changes.

JSON

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It supports objects (key-value pairs), arrays, strings, numbers, booleans, and null. JSON is human-readable, language-independent, and widely used for APIs, configuration files, and web applications. It originated from JavaScript but is now supported by virtually all programming languages. JSON does not support comments, trailing commas, or undefined. Common file extension is .json.

UUID

UUID (Universally Unique Identifier) is a 128-bit identifier standardized by RFC 4122. A UUID is typically displayed as 32 hexadecimal digits in five groups (8-4-4-4-12), e.g., 550e8400-e29b-41d4-a716-446655440000. UUIDs are designed to be unique without central coordination, making them suitable for distributed systems, database primary keys, and session IDs. Version 4 (random) UUIDs are the most common—they use random or pseudo-random bits. UUIDs are practically unique; collision probability is negligible.

bcrypt

bcrypt is a password hashing function designed by Niels Provos and David Mazières. It is based on the Blowfish cipher and includes a built-in salt and configurable cost factor (work factor), making it resistant to brute-force and rainbow table attacks. As hardware improves, the cost factor can be increased to keep hashing slow enough. bcrypt is widely recommended for storing user passwords. Unlike MD5 or SHA-256 alone, bcrypt is intentionally slow and designed for password storage.

QR Code

A QR Code (Quick Response Code) is a two-dimensional barcode that can store text, URLs, contact info, or other data. Invented in Japan in 1994, QR codes are read by smartphone cameras and dedicated scanners. They use a pattern of black and white squares on a grid and can hold up to several hundred characters depending on version and error correction level. QR codes support error correction, allowing partial damage without losing data. Common uses include payment apps, marketing, and ticketing.

Cron

Cron is a time-based job scheduler in Unix-like systems. A cron expression defines when a task runs using five (or six) fields: minute, hour, day of month, month, day of week, and optionally second. For example, '0 9 * * *' means 9:00 AM every day. Cron is used for backups, reports, cleanup, and scheduled scripts. Many cloud and CI/CD systems support cron-style schedules. Understanding cron syntax helps configure automated tasks in servers, databases, and application platforms.

Regular Expression

A regular expression (regex or regexp) is a sequence of characters that defines a search pattern. Used for string matching, validation, search-and-replace, and parsing. Common metacharacters: . (any), * (zero or more), + (one or more), ? (optional), [] (character class), () (group), | (alternation). Different flavors exist (JavaScript, PCRE, Python). Regex is powerful but can be complex and prone to edge cases. Use for validation, log parsing, text editors, and search tools.

Markdown

Markdown is a lightweight markup language for formatting plain text. Created by John Gruber in 2004, it uses simple syntax: # for headings, ** for bold, * for italic, - or * for lists, [text](url) for links. Markdown is widely used for README files, documentation (GitHub, GitLab), blogs, and note-taking. Flavors like GitHub Flavored Markdown (GFM) add tables, task lists, and syntax highlighting. Markdown converts to HTML for web display.

URL Encoding

URL encoding (percent-encoding) converts characters into a format safe for use in URLs. Reserved and non-ASCII characters are replaced by % followed by two hexadecimal digits (e.g., space becomes %20). The plus sign (+) traditionally represents space in query strings. URL encoding is used when passing parameters, building query strings, or including special characters in paths. Decoding reverses the process. Browsers and servers handle encoding automatically, but manual encoding is needed when constructing URLs programmatically.

YAML

YAML (YAML Ain't Markup Language) is a human-readable data serialization format. It uses indentation for structure, supports key-value pairs, lists, and nested structures. Common in configuration files (Docker, Kubernetes, Ansible, GitHub Actions). YAML supports comments, multi-line strings, and anchors for reuse. Compared to JSON, YAML is more compact and readable but can have subtle parsing differences. YAML is a superset of JSON—valid JSON is valid YAML.

CSV

CSV (Comma-Separated Values) is a simple file format for storing tabular data. Each line is a row; fields are separated by commas (or semicolons in some locales). CSV has no formal standard—variations exist for delimiters, quoting, and escaping. Widely used for data export, spreadsheets, and data interchange. CSV does not support types or nested structures. When values contain commas, they are typically wrapped in quotes. UTF-8 is the common encoding.

HTML Entities

HTML entities are escape sequences for reserved or special characters in HTML. For example, &lt; represents <, &gt; represents >, &amp; represents &. Entities prevent interpretation issues (e.g., < in text being parsed as a tag) and allow displaying characters not on the keyboard. Named entities (e.g., &nbsp;, &copy;) and numeric entities (&#160;, &#xa0;) exist. Encoding converts characters to entities; decoding reverses it. Used when displaying user input safely or including special symbols.

Base32

Base32 is a binary-to-text encoding that uses 32 characters (A–Z and 2–7), defined in RFC 4648. It encodes 5 bits per character, expanding data by about 60%. Base32 is case-insensitive (when using the standard alphabet) and avoids easily confused characters like 0, O, 1, I. Used in TOTP (Google Authenticator), DNS, and some APIs. Base32 produces longer output than Base64 but is useful when case sensitivity or certain characters must be avoided.

TripleDES

TripleDES (3DES or TDEA) is a block cipher that applies the DES algorithm three times to each data block. It was designed to extend the life of DES when its 56-bit key became too weak. TripleDES supports 168-bit effective key length (or 112 bits in two-key mode). Still used in legacy systems and some payment card standards, TripleDES is being phased out in favor of AES. NIST has deprecated 3DES for new applications since 2017.

Rabbit

Rabbit is a stream cipher designed by Martin Boesgaard, Mette Vesterager, and others. It was one of the finalists in the eSTREAM project. Rabbit uses a 128-bit key and 64-bit IV, producing a keystream in 128-bit blocks. It is fast in software and suitable for resource-constrained environments. Rabbit is less common than AES but is used in some embedded and real-time systems. CryptoJS includes Rabbit for JavaScript-based encryption.

llms.txt

llms.txt is a plain text file at the root of a website (e.g. example.com/llms.txt) that helps AI systems understand and represent your business or project. The specification (v1.1.1) requires: an H1 name, blockquote summary, and Contact section. Recommended sections include Services, Key Information, and AI Discovery Files. Written in Markdown, llms.txt improves how LLMs describe your entity and can enable sitelinks or rich results in AI search interfaces.

MCP (Model Context Protocol)

The Model Context Protocol (MCP) is an open standard that lets AI models connect to external tools and data sources. Developed by Anthropic, MCP defines how servers expose tools (with name, description, and JSON Schema input), how clients discover and call them, and supports transports like stdio and HTTP/SSE. Used by Cursor, Claude Desktop, and other AI apps to extend capabilities—e.g., file access, web search, database queries. Each MCP tool has an inputSchema following JSON Schema.

RIPEMD-160

RIPEMD-160 is a 160-bit cryptographic hash function developed in Belgium in 1996. It was designed as a stronger alternative to MD5 and SHA-1. RIPEMD-160 produces a 40-character hexadecimal output. It is used in Bitcoin and other cryptocurrencies for address generation (combined with SHA-256). While not as common as SHA-256, RIPEMD-160 remains unbroken and is part of the OpenPGP standard. Consider SHA-256 for general-purpose hashing unless compatibility requires RIPEMD-160.