Hash Functions Explained: MD5, SHA-256, and When to Use Each
Published on June 4, 2026
Hash functions are one of the fundamental building blocks of modern computing and cybersecurity. Every time you download a file, log into a website, or check the integrity of a backup, a hash function is likely working behind the scenes. Despite their importance, hash functions are often misunderstood. What exactly is a hash? How do MD5, SHA-1, SHA-256, and SHA-512 differ? And why do security experts keep warning people to stop using some of them? In this guide, we will demystify hash functions, compare the most common algorithms, and help you choose the right one for your needs.
What is a Hash Function?
A hash function is a mathematical algorithm that takes an input of any size, whether a single character or an entire movie, and produces a fixed-length output called a digest or hash value. This output is essentially a digital fingerprint of the original data. Good hash functions share several key properties that make them useful for security and data integrity applications.
The first property is determinism. The same input always produces the same hash. If you hash the word "password" with SHA-256, you will get the same 64-character hexadecimal string every single time, on any computer, in any programming language. This consistency is what makes hashing useful for verification.
The second property is preimage resistance, also known as one-wayness. Given a hash value, it should be computationally infeasible to reverse it and determine the original input. This is what makes hashing suitable for storing passwords. Even if an attacker steals the hash database, they cannot easily recover the actual passwords.
The third property is avalanche effect. A tiny change in the input, like changing a single bit, should produce a completely different hash that bears no resemblance to the original. This property makes hash functions sensitive to even the smallest modifications, which is essential for integrity checking. If you hash a file and then change one character, the new hash will look entirely unrelated to the original.
The fourth property is collision resistance. It should be extremely difficult to find two different inputs that produce the same hash output. No hash function is truly collision-free, since there are infinitely many possible inputs and a finite number of possible outputs, but a cryptographically secure hash function makes finding collisions practically impossible with current technology.
Hash Algorithm Comparison Table
The following table compares the most widely used cryptographic hash functions across key characteristics. Understanding these differences is essential for choosing the right algorithm for your use case.
| Algorithm | Output Size | Year Introduced | Security Status | Common Uses |
|---|---|---|---|---|
| MD5 | 128 bits (32 hex chars) | 1992 | Broken, collision attacks demonstrated | Checksums for non-security use, legacy systems |
| SHA-1 | 160 bits (40 hex chars) | 1995 | Deprecated, collision attacks since 2017 | Git commit IDs, legacy certificate signatures |
| SHA-256 | 256 bits (64 hex chars) | 2001 | Secure (as of 2026) | Password hashing, SSL/TLS, file integrity, blockchain |
| SHA-512 | 512 bits (128 hex chars) | 2001 | Secure | High-security applications, digital signatures |
| SHA-3 | 224/256/384/512 bits | 2015 | Secure (latest standard) | Future-proof applications, new systems |
When NOT to Use MD5
MD5 was once the most widely used hash function on the internet, but those days are long over. Security researchers demonstrated practical collision attacks against MD5 as early as 2004, and by 2008, researchers showed they could create a rogue Certificate Authority certificate using MD5 collisions, which forced browsers to deprecate MD5-based certificates. Today, using MD5 for any security-sensitive purpose is considered irresponsible.
The problem with MD5 is that collisions can be generated in seconds on consumer hardware. A collision attack allows an attacker to produce two different files that have the same MD5 hash. If you use MD5 to verify file integrity, an attacker could substitute a malicious file that produces the same hash as the legitimate one, and your integrity check would pass. This makes MD5 completely unsuitable for digital signatures, certificate verification, and any application where security is a concern.
That said, MD5 is not entirely useless. It is still sometimes used for non-security checksums, such as verifying that a download was not corrupted during transfer (as opposed to verifying it was not tampered with). It is also used internally by some legacy systems and databases for operations where collisions are not a practical threat, such as partitioning data across multiple databases. However, even in these cases, SHA-256 is just as fast and does not carry the same stigma. There is rarely a good reason to choose MD5 over SHA-256 in new development.
SHA-1 occupies a similar position, though its deprecation is more recent. In 2017, Google and the CWI Institute demonstrated the first practical SHA-1 collision attack, known as SHAttered. Since then, most browsers have stopped accepting SHA-1 certificates, and Git has been moving toward using SHA-256 as its default hash algorithm. If you are still using SHA-1 in any new system, you should migrate to SHA-256 or SHA-3 as soon as possible.
Real-World Hash Applications
Hash functions appear in so many different contexts that most computer users interact with them dozens of times a day without realizing it. Here are some of the most important real-world applications.
Password storage. When you create an account on a website, the site should never store your password in plain text. Instead, it hashes your password and stores the hash. When you log in, the site hashes your input again and compares it to the stored hash. If the hashes match, you provided the correct password. Modern systems use slow, salted hash functions like bcrypt, Argon2, or PBKDF2 rather than plain SHA-256, because fast hashes can be brute-forced too quickly.
File integrity verification. Software download pages often display SHA-256 checksums next to download links. After downloading a file, you can compute its hash and compare it to the published checksum. If they match, the file is identical to what the publisher distributed. This protects against both accidental corruption and intentional tampering. Most operating systems include command-line tools for computing hashes, and online tools like the ToolBox Hash Generator make it easy to verify files in the browser.
Digital signatures and certificates. When your browser connects to a secure website (HTTPS), the server presents a digital certificate. That certificate is signed by a Certificate Authority using a hash function combined with encryption. The hash ensures that any tampering with the certificate will be detected. This is why the deprecation of MD5 and SHA-1 for certificates was so important: attackers could forge certificates if they could find collisions.
Blockchain and cryptocurrencies. Bitcoin uses SHA-256 extensively, both for creating new blocks (mining) and for transaction verification. The security of the entire Bitcoin network rests on the collision resistance of SHA-256. If someone could find collisions in SHA-256, they could potentially double-spend coins or disrupt the blockchain. This is why the hash functions used in cryptocurrencies are chosen with extreme care.
Data deduplication. Storage systems use hashing to identify duplicate data. Before storing a file, the system computes its hash and checks whether that hash already exists in storage. If it does, the system stores a pointer to the existing data instead of a new copy. This technique is used by backup systems, cloud storage providers, and version control tools.
Best Practices for Using Hash Functions
Choosing and using hash functions correctly requires attention to context. A hash that is perfect for one application may be completely wrong for another. Here are the guidelines you should follow.
Always use SHA-256 or SHA-3 for new projects. Unless you have a very specific reason to choose something else, SHA-256 is the default choice for almost all hashing needs. It offers a good balance of speed, security, and output size. SHA-3 is equally secure and is the most recent NIST standard, but it has not yet seen as widespread adoption. Both are excellent choices.
Never use MD5 or SHA-1 for security. Despite their continued presence in legacy systems, these algorithms are broken and should not be used for any security-sensitive operation. If you are maintaining a legacy system that uses MD5 or SHA-1, prioritize migrating to SHA-256. If you need interoperability with an existing system that uses a broken hash, make sure you understand the risks and have compensating controls in place.
Use dedicated password hashing functions for passwords. SHA-256 is a general-purpose cryptographic hash that is designed to be fast. For password storage, fast is the enemy of security. Use a password-specific hashing function like bcrypt, Argon2, or PBKDF2. These functions are deliberately slow and include a salt, which makes brute-force attacks far more expensive. The ToolBox Password Generator can help create strong passwords, but storing them securely requires a proper password hash.
Verify hashes from trusted sources. A checksum is only useful if you trust where it came from. If an attacker can modify both the download page and the checksum, the hash provides no protection. Always verify hashes from a source that is independent of the download itself. Many software publishers publish checksums on separate pages or sign their checksums with a GPG key to establish authenticity.
Frequently Asked Questions
Can two files have the same hash?
Yes, this is called a collision. Because hash functions produce a fixed-length output from a variable-length input, there are infinitely many possible inputs for every possible output. A collision occurs when two different inputs produce the same hash. A secure hash function makes finding collisions computationally infeasible, but they theoretically exist for every hash function.
Is SHA-256 still secure in 2026?
Yes, SHA-256 remains secure as of 2026. No practical collision attacks or preimage attacks have been demonstrated against SHA-256. It continues to be recommended by NIST and is widely used across the industry, including in SSL/TLS, blockchain, and government systems. SHA-3 is available as a more modern alternative, but SHA-256 is not expected to be deprecated anytime soon.
What is the difference between hashing and encryption?
Hashing is a one-way process. Once data is hashed, you cannot recover the original input from the hash. Encryption is a two-way process: encrypted data can be decrypted with the correct key. Hashing is used for integrity verification and password storage. Encryption is used for confidentiality, keeping data secret from unauthorized parties. They serve different purposes and should not be confused.
How do I generate a hash of a file?
Most operating systems include built-in tools. On Linux and macOS, use the sha256sum command followed by the filename. On Windows, use certutil -hashfile filename SHA256 in Command Prompt. Alternatively, you can use an online tool like the ToolBox Hash Generator, which supports MD5, SHA-1, SHA-256, and SHA-512 in a simple web interface.
Hash functions are an indispensable tool in modern computing. Whether you are verifying a download, securing user passwords, or building a blockchain, understanding how they work and which one to use will help you make better security decisions and build more reliable systems.
Try Our Free Tools
These tools will help you work with hashing, encoding, and security in your projects.
- Hash Generator - Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly.
- Password Generator - Create strong, random passwords for enhanced security.
- Base64 Encoder - Encode text or data to Base64 format for secure transmission.
- UUID Generator - Generate unique UUIDs for identifiers and keys.