Hash Functions Compared: MD5, SHA-1, SHA-256, and Beyond
Hash functions are used for file integrity, password storage, and digital signatures. This comparison covers the most common algorithms, their security status, and when to use each one in modern applications.
Key Takeaways
- A cryptographic hash function takes input of any size and produces a fixed-size output (the hash or digest).
- MD5 was widely used in the 1990s-2000s but is now cryptographically broken.
- SHA-1 was broken in 2017 by Google's SHAttered attack.
- SHA-256 (part of the SHA-2 family) is the most widely recommended hash function for security applications.
- File checksums (non-security)**: MD5 or CRC32 for speed.
Hash Generator
Generate SHA-1, SHA-256, SHA-384, SHA-512 hashes from text
What Is a Hash Function?
A cryptographic hash function takes input of any size and produces a fixed-size output (the hash or digest). Good hash functions are deterministic, fast, and practically impossible to reverse.
Algorithm Comparison
| Algorithm | Output Size | Security Status | Speed |
|---|---|---|---|
| MD5 | 128 bits | Broken | Very Fast |
| SHA-1 | 160 bits | Broken | Fast |
| SHA-256 | 256 bits | Secure | Medium |
| SHA-3 | 256 bits | Secure | Medium |
| BLAKE3 | 256 bits | Secure | Very Fast |
MD5: Legacy Only
MD5 was widely used in the 1990s-2000s but is now cryptographically broken. Collision attacks can be performed in seconds on modern hardware. Use MD5 only for non-security purposes like file deduplication or cache keys.
SHA-1: Deprecated
SHA-1 was broken in 2017 by Google's SHAttered attack. Git still uses SHA-1 for commit hashes but is migrating to SHA-256. Browsers no longer accept SHA-1 for TLS certificates.
SHA-256: The Current Standard
SHA-256 (part of the SHA-2 family) is the most widely recommended hash function for security applications. It's used in TLS certificates, Bitcoin, file integrity verification, and most modern protocols.
When to Use Each
- File checksums (non-security): MD5 or CRC32 for speed.
- File integrity verification: SHA-256.
- Password hashing: bcrypt, Argon2, or scrypt (not raw SHA-256).
- Digital signatures: SHA-256 or SHA-3.
- High-performance hashing: BLAKE3.
Ferramentas relacionadas
Formatos relacionados
Guias relacionados
JSON vs YAML vs TOML: Choosing a Configuration Format
Configuration files are the backbone of modern applications. JSON, YAML, and TOML each offer different trade-offs between readability, complexity, and tooling support that affect your development workflow.
How to Format and Validate JSON Data
Malformed JSON causes silent failures in APIs and configuration files. Learn how to format, validate, and debug JSON documents to prevent integration errors and improve readability.
Base64 Encoding: How It Works and When to Use It
Base64 converts binary data into ASCII text, making it safe for transmission through text-based systems. Learn when Base64 is the right choice and when alternatives like hex encoding or URL encoding are more appropriate.
Best Practices for Working with Unix Timestamps
Unix timestamps provide a language-agnostic way to represent points in time, but they come with pitfalls around time zones, precision, and the 2038 problem. This guide covers best practices for storing and converting timestamps.
Troubleshooting JWT Token Issues
JSON Web Tokens are widely used for authentication but can be frustrating to debug. This guide covers common JWT problems including expiration errors, signature mismatches, and payload decoding issues.