Hash Functions Explained: MD5, SHA-1, SHA-256, and When to Use Each
When you download a file, store a password, or send a signed document, hash functions are working invisibly to keep data trustworthy. This guide explains what they are, how they differ, and which one to use in your projects.
What Is a Hash Function?
A hash function takes any input — a word, a file, a database — and produces a fixed-length string of characters called a hash (or digest). The same input always produces the same hash. A different input produces a completely different hash.
Input
Hello SHA-256 output
185f8db32921bd46d35cc2e877de389...3d Three key properties make hash functions useful:
- Deterministic — same input always → same output
- One-way — you cannot reverse a hash back to the original input
- Avalanche effect — a tiny change in input produces a completely different hash
Common Hash Algorithms Compared
| Algorithm | Output | Status | Use for |
|---|---|---|---|
| MD5 | 128-bit (32 hex chars) | ⚠️ Broken | File checksums, non-security use only |
| SHA-1 | 160-bit (40 hex chars) | ⚠️ Deprecated | Legacy systems, avoid for new projects |
| SHA-256 | 256-bit (64 hex chars) | ✅ Recommended | Digital signatures, TLS, data integrity |
| SHA-512 | 512-bit (128 hex chars) | ✅ Recommended | High-security applications |
| bcrypt | variable | ✅ For passwords | Password storage (slow by design) |
| SHA-3 | 224–512-bit | ✅ Modern | Alternative to SHA-2, future-proof |
Real-World Use Cases
File integrity verification
Software download sites publish a SHA-256 checksum alongside the file. After downloading, you compute the checksum of your downloaded copy and compare — if they match, the file wasn't corrupted or tampered with.
Password storage
Websites don't store your password in plain text — they store a hash. When you log in, your input is hashed and compared to the stored hash. Even if the database leaks, attackers get hashes, not passwords. (Use bcrypt or Argon2 for passwords — not MD5 or SHA-256 directly.)
Digital signatures
A signature proves a document hasn't been altered. The signer hashes the document, encrypts the hash with their private key (creating the signature), and publishes both. Anyone can verify by decrypting the signature and comparing hashes.
Git commits
Every Git commit is identified by a SHA-1 hash (moving to SHA-256) of its content. This makes tampering with history detectable — changing a commit changes its hash, which breaks all subsequent hashes.
Blockchain
Bitcoin and other blockchains chain blocks together using SHA-256 hashes — each block contains the hash of the previous block, making the chain tamper-evident.
Why MD5 and SHA-1 Are No Longer Secure
MD5 and SHA-1 were broken by collision attacks — researchers found ways to create two different inputs that produce the same hash. This breaks the fundamental uniqueness guarantee.
In 2017, Google published SHAttered — the first practical SHA-1 collision, producing two different PDF files with the same hash. MD5 collisions had been known since 2004. Both are now disqualified from any security-sensitive use.
⚠️ Still safe for non-security use
MD5 is still fine for non-security tasks like checksumming a downloaded file for accidental corruption (not for tampering detection). It is fast and universally supported — just don't use it for authentication or digital signatures.
Generate Hashes Online
Use our Hash Generator to compute MD5, SHA-1, SHA-256, and SHA-512 hashes for any text string, directly in your browser.
Generate MD5, SHA-256 hashes instantly