SecurityCryptographyHash FunctionsMD5SHA-256Developer Tools

Hash Functions Demystified: MD5, SHA-1, SHA-256, and When to Use Each

By Hamid Abderrahim
Hash Functions Demystified: MD5, SHA-1, SHA-256, and When to Use Each

Hash Functions Demystified: MD5, SHA-1, SHA-256, and When to Use Each

Hashing is one of the most used — and most misunderstood — concepts in computer security. Developers use hash functions daily: to verify file integrity, store passwords, generate digital fingerprints, and power data structures like hash maps. Yet many developers reach for MD5 or SHA-1 out of habit without understanding why these older algorithms are no longer considered secure for most purposes.

This guide explains what cryptographic hash functions are, how they work, the important differences between the most common algorithms, and — crucially — which to use for which purpose.

What Is a Hash Function?

A cryptographic hash function takes an input of any length and produces a fixed-length output called a hash, digest, or checksum. The function has four critical properties:

1. Deterministic: The same input always produces the same output. Hash(hello) is always the same value.

2. Fast to compute: Computing the hash of any input takes milliseconds, even for large files.

3. One-way (pre-image resistant): Given a hash output, it is computationally infeasible to reconstruct the original input. You cannot reverse a hash.

4. Avalanche effect: A tiny change in input creates a completely different output. Changing one character in a 1,000-word document produces an entirely different hash.

5. Collision resistant: It should be computationally infeasible to find two different inputs that produce the same hash output.

These properties make hash functions ideal for verifying integrity — if two files have the same hash, they are identical; if the hash differs, the files are different.

MD5 (Message Digest 5)

MD5 was designed by Ron Rivest in 1991 and produces a 128-bit (32 hexadecimal character) digest.

Example:

MD5("hello") = 5d41402abc4b2a76b9719d911017c592

Status: Cryptographically Broken for Security Purposes

MD5 has known collision vulnerabilities. Researchers demonstrated in 2004 that two different inputs could be crafted to produce the same MD5 hash — a collision attack. By 2008, this was exploited in practice to forge SSL certificates, threatening the entire HTTPS trust chain.

MD5 is still acceptable for:

  • Non-security file checksums (verifying a download completed without corruption, when the original hash is trusted)
  • Hash map keys in non-adversarial environments
  • Legacy systems where changing the algorithm is not feasible

MD5 must NOT be used for:

  • Password hashing (never, under any circumstances)
  • Digital signatures
  • Any security-critical integrity verification
  • SSL/TLS certificates

SHA-1 (Secure Hash Algorithm 1)

SHA-1 was designed by the NSA and published in 1995. It produces a 160-bit (40 hexadecimal character) digest.

Example:

SHA-1("hello") = aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d

Status: Deprecated for Security Purposes

In 2017, Google's Project Zero team demonstrated the first real-world collision attack against SHA-1 — the "SHAttered" attack — by producing two different PDF files with identical SHA-1 hashes. Major certificate authorities stopped issuing SHA-1-signed certificates, and browsers marked SHA-1 SSL certificates as untrusted.

SHA-1 is still found in:

  • Git (though Git is migrating to SHA-256)
  • Some legacy systems

SHA-1 must NOT be used for:

  • New security implementations of any kind
  • SSL/TLS certificates
  • Password hashing

SHA-256 (Secure Hash Algorithm 256-bit)

SHA-256 is part of the SHA-2 family, designed by the NSA and published in 2001. It produces a 256-bit (64 hexadecimal character) digest.

Example:

SHA-256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Status: Currently Secure — Recommended for Most Uses

No practical attacks against SHA-256 are known. It is the current standard for:

  • File integrity verification (software downloads, package managers)
  • Digital signatures (TLS 1.3, code signing)
  • HMAC (keyed-hash message authentication)
  • Blockchain (Bitcoin uses SHA-256 double-hashing)
  • JWT signature algorithms (RS256, HS256)
  • TLS certificates

SHA-512

SHA-512 is another SHA-2 family member producing a 512-bit (128 hexadecimal character) digest. It offers a larger security margin than SHA-256 but is overkill for most applications. On 64-bit systems, SHA-512 is actually faster than SHA-256 due to its use of 64-bit word operations.

Use SHA-512 when you need maximum security margin or are building systems that must remain secure for decades.

SHA-3

SHA-3 (Keccak) was selected by NIST in 2012 as an alternative to SHA-2, using a completely different internal construction (sponge construction vs. Merkle-Damgård). It is not faster than SHA-2 in software but provides an alternative should SHA-2 ever be weakened.

For most applications today, SHA-256 or SHA-512 is sufficient; SHA-3 is reserved for specialized security requirements.

The Critical Distinction: Hashing vs. Password Hashing

Regular cryptographic hash functions (MD5, SHA-256, etc.) are designed to be fast. This is a feature for file integrity but a critical vulnerability for passwords.

An attacker with a modern GPU can compute billions of SHA-256 hashes per second. Given a stolen database of SHA-256-hashed passwords, an attacker can try every common password and dictionary word in seconds.

For password storage, use purpose-built password hashing algorithms:

  • bcrypt — the industry standard, with configurable work factor
  • Argon2 — winner of the Password Hashing Competition (2015), preferred for new systems
  • scrypt — memory-hard, resistant to GPU attacks

These algorithms are intentionally slow and memory-intensive, making brute-force attacks computationally expensive. Never use MD5, SHA-1, SHA-256, or any fast hash function directly for passwords.

Practical Hash Verification

When you download software, security-conscious vendors publish the SHA-256 hash of each download file. After downloading, you verify the hash matches. If it does, the file is authentic and has not been tampered with during transmission.

Our Hash Generator tool computes MD5, SHA-1, SHA-256, and SHA-512 hashes for any text string or file directly in your browser. No file is ever uploaded — everything is computed locally using the Web Crypto API.

Choosing the Right Hash Algorithm

Use CaseRecommended Algorithm
Password storagebcrypt, Argon2, scrypt (NOT SHA-256)
File integrity checkSHA-256
Digital signaturesSHA-256 or SHA-512
HMAC authenticationSHA-256
SSL/TLS certificatesSHA-256
Non-security checksumsMD5 or SHA-1 (acceptable)
Legacy compatibilityDepends on system — migrate if possible

Summary

Hash functions are essential tools in security and data integrity. The key points:

  • MD5 and SHA-1 are cryptographically broken — avoid them for any security purpose
  • SHA-256 is the current standard for general cryptographic use
  • Password hashing requires bcrypt, Argon2, or scrypt — never use fast hash functions for passwords
  • Hash functions are one-way — you cannot reverse them to get the original input
  • Generate hashes for any input with our Hash Generator tool