Hashing is one of those topics that sounds dry until you realize how much of the modern internet rides on it. Every password ever stored well, every TLS handshake, every blockchain block, every Git commit, every file integrity check, every digital signature: all of them depend on hash functions. Two algorithms come up over and over in real codebases: MD5 and SHA-256. This article explains the difference, why MD5 is no longer safe for security, and which hash you should reach for in 2026.
What a hash function actually does
A hash function takes any input (a single byte, a 4 GB movie, an empty string) and produces a fixed-length fingerprint of that input. Two important properties make hash functions useful:
- Deterministic: the same input always produces the same hash. Every time, on every machine.
- Avalanche: changing one bit of input changes about half the bits of output, so similar inputs look completely different.
- One-way: given a hash, you cannot reverse it to recover the input.
- Collision-resistant: it should be computationally infeasible to find two inputs with the same hash.
These properties power dozens of use cases. Verifying a download? Compare hashes. Storing passwords? Hash them so a database leak does not expose them in plain text. Detecting duplicate files? Hash and compare. Building a blockchain? Chain hashes together so any tampering breaks the chain.
MD5: still common, no longer secure
MD5 was designed by Ronald Rivest in 1991. It produces a 128-bit hash and is fast even on old hardware. For about 15 years it was the default hash for everything: TLS certificates, password storage, file integrity, digital signatures.
Then came collisions. In 2004, researchers found a way to produce two different inputs with the same MD5 hash. By 2008, attackers had used this to forge a fraudulent TLS certificate that browsers trusted. Since then, MD5 has been considered cryptographically broken. Modern certificate authorities, password systems, and signature schemes have all moved away from it.
Where MD5 is still acceptable
SHA-1: also broken
SHA-1 was the next-generation hash standardized by the NSA in 1993. It produces a 160-bit hash. Like MD5, it was the default for years before researchers gradually weakened it. The first practical collision attack landed in 2017, when Google and CWI Amsterdam published two PDF files with the same SHA-1 hash.
Most systems have moved off SHA-1 since then. Git still uses it for commit hashes, but the Git project has been transitioning to SHA-256 for years. Newer systems should not use SHA-1 for anything security-related.
SHA-256: the current standard
SHA-256 is part of the SHA-2 family, also designed by the NSA and published in 2001. It produces a 256-bit hash and remains cryptographically secure as of 2026 with no practical attacks known. It is the default for:
- TLS certificates and HTTPS connections
- Bitcoin and most blockchains
- Code signing and software distribution
- Modern password hashing (as part of bcrypt or PBKDF2)
- Most digital signatures and message authentication codes
SHA-256 is fast on modern CPUs (most of which have hardware acceleration via the SHA-NI instruction set), well-studied, and widely implemented. There is no good reason in 2026 to choose MD5 or SHA-1 over SHA-256 for anything new.
SHA-512 and beyond
SHA-512 produces 512-bit hashes and is actually faster than SHA-256 on 64-bit machines because it processes 64-bit chunks natively. Use SHA-512 when you need extra margin (some government work mandates it) or when you have lots of small hashes and the performance matters.
SHA-3 is a different family of hash algorithms standardized in 2015. It is not a replacement for SHA-256, just an alternative in case future research weakens SHA-2. Most systems still use SHA-2 because it is faster and well-tested.
Comparison at a glance
| Algorithm | Status and notes | |
|---|---|---|
| MD5 | 128 bits, very fast | Broken since 2004. Checksums only, never security. |
| SHA-1 | 160 bits, fast | Broken since 2017. Avoid for new work. |
| SHA-256 | 256 bits, fast | Current standard. Safe and widely supported. |
| SHA-384 | 384 bits | Used for extra margin in some government and finance work. |
| SHA-512 | 512 bits, faster than SHA-256 on 64-bit CPUs | Safe and widely supported. |
| SHA-3 | Configurable output | Backup if SHA-2 is ever weakened. Slower in software today. |
What about passwords?
Plain hashes are not enough for passwords
The pattern looks like this in pseudocode:
- Bad: store sha256(password)
- Better: store sha256(salt + password) with a unique salt per user
- Best: store argon2(password) or bcrypt(password) which handle salt and slowness for you
Real-world use cases
Verifying downloads
Software publishers list a hash next to the download link. You download the file, compute its hash, and compare. If they match, the file was not tampered with in transit. SHA-256 is the default for new projects. MD5 still appears in older Linux distros and tools.
Detecting duplicate files
Hash every file in a folder. Group by hash. Each group with more than one file is a duplicate set. MD5 is fine for this because there is no attacker; you control all the inputs.
Generating ETags
Web servers use hashes of response bodies as ETags. When the body changes, the ETag changes. CDN and browser caches use this to know when to invalidate. SHA-1 or SHA-256 are common choices.
Idempotency keys for APIs
Hash the request body and use it as an idempotency key. If the client retries with the same body, the hash matches and the server returns the original response.
Database lookup keys
Index large strings by their SHA-256 hash. Fixed-size keys index better than variable-length text. Useful for content addressing in object storage, deduplication, and similar patterns.
Digital signatures
Public key signatures are computed on the hash of a message, not the message itself. The signer hashes the message, signs the hash with a private key, and the verifier hashes the message and checks the signature. SHA-256 is the modern standard.
Common questions
Can I reverse a hash?
No. Hashes are one-way functions. Given the hash, there is no mathematical way to recover the input. You can however brute force: try inputs and check if the hash matches. This is why weak passwords get cracked even from a hashed database.
Why does my hash output look different in different tools?
Most tools output hashes in lowercase hex by default. Some use uppercase. Some use Base64 (shorter than hex). All represent the same underlying bytes. Convert between them as needed; the actual hash value is identical.
What is a salt and why does it matter?
A salt is a random string mixed with the password before hashing. It ensures that two users with the same password get different hashes, defeating precomputed rainbow tables. Modern password hashing functions handle salt automatically. Never roll your own salting; use bcrypt, scrypt, or Argon2.
Are hashes used in JWTs?
Yes, indirectly. JWT signatures use HMAC-SHA-256 (a keyed hash) or asymmetric signatures (RSA or ECDSA on top of SHA-256). When you see a JWT with the algorithm HS256, that is HMAC-SHA-256.
Generate hashes online
ToolHub Hash Generator computes MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from any text directly in your browser using the native Web Crypto API. Nothing is uploaded.
Free tool
Try the Hash Generator now
MD5, SHA-1, SHA-256, SHA-512 hashes
Summary
For new code, use SHA-256. Use SHA-512 when you want extra margin. Use MD5 only for non-security checksums on data you already control. Never use any plain hash for password storage: use bcrypt, scrypt, or Argon2 instead. Hashing is foundational infrastructure for the modern web; understanding it well pays off across many roles, from security to backend to DevOps.