Understanding Hash Functions: MD5, SHA-1, and SHA-256

Not all hash functions are secure. MD5 and SHA-1 are broken. SHA-256 is the standard. Here is the difference and when to use each.

Tags: hash, security, crypto

What hash functions do

Hash functions are everywhere in software. They verify file downloads, sign commits, store passwords, and secure digital signatures. Yet most developers treat them as interchangeable utilities. The truth is that hash functions have different security properties, and using the wrong one can create real vulnerabilities.

A cryptographic hash function takes an input of any size and produces a fixed-length output called a digest. For SHA-256, that digest is always 256 bits, or 64 hexadecimal characters. The function must satisfy four properties:

  • It must be deterministic: the same input always produces the same output
  • It must be fast to compute
  • It must be infeasible to reverse: given a digest, it should not be feasible to find an input that produces it
  • It must resist collisions: it should be infeasible to find two different inputs that produce the same digest

MD5: broken since 2004

MD5 was designed in 1991 and became the most widely used hash function of the 1990s and 2000s. It produces a 128-bit digest and is extremely fast. But its speed is also its weakness.

In 2004, researchers demonstrated practical collision attacks against MD5: they could create two different files with the same MD5 hash. By 2008, attackers had forged SSL certificates using MD5 collisions. Today, MD5 is considered broken for any cryptographic purpose. It should only be used for non-security applications, such as checksums on internal data where collision resistance does not matter.

SHA-1: also deprecated

SHA-1 was designed by the NSA as MD5's successor. It produces a 160-bit digest and was considered secure for nearly two decades. In 2017, Google and CWI Amsterdam announced SHAttered: two different PDF documents with the same SHA-1 hash.

Browsers, operating systems, and security standards have been phasing out SHA-1 since 2016. Git still uses SHA-1 for object identifiers, but that is not a collision-critical use case because Git objects are not adversarially controlled.

SHA-256: the current standard

SHA-256 is part of the SHA-2 family, also designed by the NSA, and published in 2001. It produces a 256-bit digest. As of 2026, there are no known practical collision attacks against SHA-256.

It is the default hash algorithm in TLS 1.3, Bitcoin, IPFS, Docker image layers, and almost every modern security protocol. When you download a file and verify its sha256sum, or when a certificate authority signs a certificate, SHA-256 is almost certainly what is being used.

When to use which

Use SHA-256 for file integrity checks, digital signatures, certificate validation, and any application where collision resistance matters. Do not use MD5 or SHA-1 for anything security-related.

If you are storing passwords, do not use any of these hash functions directly — not even SHA-256. Passwords require specialized algorithms designed to be slow, such as bcrypt, Argon2, or scrypt. These algorithms incorporate work factors and salts to resist brute-force attacks. A fast hash like SHA-256 allows an attacker to test billions of passwords per second on modern hardware.

Try the DevUtils Hash Generator

For quick integrity checks during development — verifying that a configuration file has not changed, or checking the hash of a downloaded binary — SHA-256 is the right choice.

The DevUtils [Hash Generator](/tool/hash) computes MD5, SHA-1, SHA-256, and SHA-512 instantly in your browser. Your data is never sent to a server. Paste your text or file content, copy the digest, and compare it against the expected value. For anything else, make sure you understand whether collision resistance matters before choosing a hash algorithm.
