Hash Functions Explained: MD5, SHA-1, SHA-256, and SHA-512
A practical guide to cryptographic hash functions — what they are, when to use each one, and why MD5 and SHA-1 are no longer safe for security-critical work.
If you’ve verified a downloaded file by checking its SHA-256 checksum, stored a password in a database, or wondered what a Git commit ID actually is — you’ve already used hash functions. Here’s how they work and which one to pick.
What is a hash function?
A cryptographic hash function takes any input — one character, a paragraph, or a gigabyte file — and returns a fixed-length string called a digest. Two properties make hashes useful:
- Deterministic: the same input always produces the same hash.
- Avalanche effect: changing even one character completely changes the output. The hash of “hello” looks nothing like the hash of “hellp”.
Hashes are one-way: you can’t reverse a hash to recover the original input without brute-force search. That’s what makes them safe for storing passwords — the database stores the hash, not the plaintext.
MD5 — fast but broken
MD5 produces a 128-bit (32 hex characters) hash. It was the standard through the 1990s but is now cryptographically broken.
Researchers have demonstrated collision attacks — constructing two different inputs that produce the same MD5 hash. That makes MD5 unsafe for password storage, digital signatures, and certificate fingerprints.
It’s still acceptable for non-security checksums. If you just want to confirm that a downloaded file wasn’t accidentally corrupted in transit and there’s no attacker in the picture, MD5 is fine and fast.
SHA-1 — deprecated but still around
SHA-1 produces a 160-bit (40 hex characters) hash. It replaced MD5 as the standard choice, but Google’s SHAttered project demonstrated practical collision attacks in 2017.
SHA-1 is deprecated for new systems. You’ll still encounter it in legacy TLS certificates (now rejected by major browsers), Git’s original object format (Git migrated to SHA-256 in newer repository formats), and old SSH host key fingerprints. Don’t use it for anything security-sensitive in new code.
SHA-256 — the current standard
SHA-256 is part of the SHA-2 family and produces a 256-bit (64 hex characters) hash. It’s the workhorse of modern cryptography:
- HTTPS certificates: SHA-256 is required for all current TLS certificates.
- JWT signatures: the most common algorithm is HMAC-SHA256.
- Password storage: PBKDF2 typically uses HMAC-SHA256 internally.
- Blockchain: Bitcoin’s proof-of-work and block linking both use SHA-256.
- Git: newer repositories use SHA-256 for object IDs.
No practical attacks against SHA-256 exist. Use it as your default.
SHA-512 — bigger output, marginally faster on 64-bit
SHA-512 produces a 512-bit (128 hex characters) hash. Compared to SHA-256, it has a larger theoretical security margin — though SHA-256 already exceeds what any attacker could realistically brute-force. The more interesting difference: SHA-512 is designed around 64-bit words while SHA-256 uses 32-bit words, so on modern 64-bit CPUs SHA-512 can actually be faster per byte than SHA-256.
Use SHA-512 when the system you’re integrating with requires it, or when you want extra headroom for long-term archival. For most applications, SHA-256 is the better-supported choice.
Choosing the right algorithm
| Use case | Recommended algorithm |
|---|---|
| File integrity check (casual) | MD5 or SHA-256 |
| File integrity check (security-sensitive) | SHA-256 |
| Password storage | bcrypt / Argon2 (not raw SHA) |
| HMAC / JWT | SHA-256 |
| TLS / certificates | SHA-256 |
| Long-term archival signing | SHA-512 |
One note on passwords: raw SHA hashing — even SHA-512 — is not suitable for passwords because hashes compute too quickly, making brute-force feasible. Use bcrypt, scrypt, or Argon2 instead.
The Hash Generator computes all four hash values from any text in real time, directly in your browser — paste a string, compare against a known checksum, or just see what different inputs produce. No signup required.