Hash functions are one of those foundational computing concepts that show up everywhere — file integrity checks, password storage, digital signatures, API authentication, blockchain — but the choice of which hash to use is often made without understanding what actually differs between them.
Let me explain the practical differences clearly.
What a Hash Function Does
A hash function takes an input of any length and returns a fixed-length output (the "hash" or "digest"). The key properties:
- Deterministic — the same input always produces the same output
- One-way — you cannot reverse the hash to recover the original input
- Avalanche effect — changing one character in the input completely changes the output
- Collision resistant — it should be infeasible to find two different inputs that produce the same hash (collisions must exist mathematically, because unlimited inputs map to a fixed number of outputs)
The output length and collision resistance are what differ between algorithms.
The Main Algorithms
MD5 (128-bit output, 32 hex characters)
MD5 produces a 128-bit digest, displayed as 32 hex characters:
md5("hello") = 5d41402abc4b2a76b9719d911017c592
Status: Cryptographically broken. Collisions (two different inputs with the same hash) can be generated in seconds. MD5 is no longer suitable for any security-sensitive use case.
Still used for: Non-security checksums — verifying a file download wasn't corrupted in transit (corruption is accidental, not adversarial). Some legacy systems and database deduplication where collision attacks are not a concern.
Never use for: Password hashing, digital signatures, certificate fingerprinting, or any context where an attacker could craft a collision.
SHA-1 (160-bit output, 40 hex characters)
sha1("hello") = aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
Status: Deprecated. Google demonstrated a practical SHA-1 collision attack in 2017 ("SHAttered"). Most certificate authorities stopped issuing SHA-1 certificates years ago, and major browsers no longer accept them.
Still used for: Git commit hashes (Git uses SHA-1 internally for object IDs — collision resistance for Git's use case is sufficient but Git is slowly migrating to SHA-256). Legacy systems.
Never use for: TLS certificates, code signing, password hashing, or anything security-critical.
SHA-256 (256-bit output, 64 hex characters)
sha256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
Status: Current standard. Use this for most things.
SHA-256 is part of the SHA-2 family and has no known practical vulnerabilities. It's used in:
- TLS certificates (HTTPS)
- Code signing
- JWT signatures (HS256, RS256)
- Bitcoin blockchain
- HMAC authentication (HMAC-SHA256)
- File integrity verification
When to use it: Any time you need a secure cryptographic hash for production use and don't have a specific reason to choose otherwise.
SHA-512 (512-bit output, 128 hex characters)
SHA-512 produces a longer digest and is slightly faster than SHA-256 on 64-bit processors for large inputs, due to its 64-bit word operations. The practical difference in security is negligible for most applications — both are currently unbroken.
Use when: You need a longer digest for protocol compatibility, or you're hashing very large files and can benchmark a performance difference.
SHA-3 (variable output)
SHA-3 (Keccak) is NIST's third-generation hash standard, with a fundamentally different internal structure from SHA-2. It's not faster than SHA-256 in most cases, but its different construction provides defence-in-depth if a theoretical attack on SHA-2's Merkle–Damgård structure were discovered.
Use when: Your threat model specifically requires defence against SHA-2 structural attacks, or a protocol requires SHA-3.
What Not to Use for Password Hashing
None of the above algorithms — including SHA-256 — should be used directly for storing passwords. They're all too fast.
An attacker with a GPU can compute billions of SHA-256 hashes per second, making dictionary and brute-force attacks trivial against a database of hashed passwords.
Use purpose-built password hashing algorithms instead:
- bcrypt — deliberately slow, work factor adjustable
- Argon2 — NIST recommended, resistant to GPU attacks, won the Password Hashing Competition
- scrypt — memory-hard, makes GPU attacks expensive
These algorithms are specifically designed to be slow and computationally expensive, so brute-forcing a leaked password database takes years rather than hours.
Practical Verification Example
When you download software from the internet, many sites provide a SHA-256 hash of the file. After downloading, you verify it locally:
```
# Linux / macOS
sha256sum downloaded-file.zip

# macOS alternative
shasum -a 256 downloaded-file.zip

# Windows PowerShell
Get-FileHash downloaded-file.zip -Algorithm SHA256
```
If the output matches the hash on the download page, the file arrived intact and unmodified.
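The same check can be scripted. This is an added example, not part of the original post: it infers the algorithm from the digest length listed in this article, refuses MD5 and SHA-1 unless explicitly allowed, and accepts either a bare hex digest or a `sha256sum`-style line. The function names and the `allow_weak` flag are assumptions, and the sample file is constructed.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm, using the lengths given in this article.
BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
WEAK = {"md5", "sha1"}  # acceptable for corruption checks, not for tamper checks


def file_digest(path: str, algorithm: str) -> str:
    """Hash a file in 1 MiB chunks so large downloads are never fully in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, published: str, allow_weak: bool = False) -> bool:
    """Check a file against a published hex digest or a "<hex>  <filename>" line."""
    parts = published.split()
    token = parts[0].lower() if parts else ""
    algorithm = BY_LENGTH.get(len(token))
    if algorithm is None or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("published value is not a recognised hex digest")
    if algorithm in WEAK and not allow_weak:
        raise ValueError(f"{algorithm} digest refused: not collision resistant")
    return hmac.compare_digest(file_digest(path, algorithm), token)


def demo() -> dict:
    """Run against a constructed file whose content is the article's "hello" input."""
    good = ("2CF24DBA5FB0A30E26E83B2AC5B9E29E1B161E5C1FA7425E73043362938B9824"
            "  downloaded-file.zip")  # sha256("hello"), upper-cased on purpose
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "downloaded-file.zip")
        with open(path, "wb") as f:
            f.write(b"hello")
        ok = verify_download(path, good)
        with open(path, "ab") as f:
            f.write(b"!")  # simulate a modified download
        tampered = verify_download(path, good)
        try:
            verify_download(path, "5d41402abc4b2a76b9719d911017c592")  # md5("hello")
            md5_refused = False
        except ValueError:
            md5_refused = True
    return {"ok": ok, "tampered": tampered, "md5_refused": md5_refused}
```

A match only proves the file equals what the publisher hashed, so the result is only as trustworthy as the channel the published digest came from.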
Quick Reference
| Algorithm | Output Length | Security Status | Use For |
|---|---|---|---|
| MD5 | 32 hex chars | Broken | Non-security checksums only |
| SHA-1 | 40 hex chars | Deprecated | Legacy only, avoid |
| SHA-256 | 64 hex chars | Secure | General purpose — use this |
| SHA-512 | 128 hex chars | Secure | Large files, protocol-specific |
| SHA-3 | Variable | Secure | Defence-in-depth, protocol-specific |
Need to generate or verify a hash in the browser? The Hash Generator supports MD5, SHA-1, SHA-256, SHA-384, and SHA-512 — runs entirely client-side, your input never leaves the browser. Useful for quick checksums and learning how different algorithms handle the same input.