Cryptographic Hash Functions: MD5, SHA-256, SHA-512 Explained
๐ 9 min read ยท Security ยท Try Hash Generator โ
What is a Cryptographic Hash Function?
A cryptographic hash function is a mathematical algorithm that takes an input of any size and produces a fixed-size output called a hash, digest, or checksum. Hash functions have four essential properties that make them useful for security:
- Deterministic โ The same input always produces the same hash output
- One-way (Pre-image resistance) โ It is computationally infeasible to reverse a hash to get the original input
- Avalanche effect โ A tiny change in input (even one character) produces a completely different hash
- Collision resistance โ It is computationally infeasible to find two different inputs that produce the same hash
Hash Algorithm Comparison
| Algorithm | Output Size | Speed | Security | Use Today? |
|---|---|---|---|---|
| MD5 | 128 bits (32 hex) | Very fast | Broken | No (checksums only) |
| SHA-1 | 160 bits (40 hex) | Fast | Broken | No (legacy only) |
| SHA-256 | 256 bits (64 hex) | Fast | Secure | Yes |
| SHA-512 | 512 bits (128 hex) | Fast | Very secure | Yes |
| SHA-3 | 224-512 bits | Moderate | Very secure | Yes (future-proof) |
| bcrypt | Variable | Intentionally slow | Secure | Yes (passwords only) |
MD5 โ Fast but Broken
MD5 (Message Digest 5) was designed in 1991 and produces a 128-bit hash. It was widely used for checksums and password hashing. However, MD5 is now considered cryptographically broken โ researchers have demonstrated practical collision attacks, meaning two different inputs can produce the same MD5 hash.
Still acceptable for: Non-security checksums, file deduplication, cache keys, and legacy system compatibility where security is not a concern.
Never use for: Password hashing, digital signatures, SSL certificates, or any security-critical application.
SHA-256 โ The Current Standard
SHA-256 (Secure Hash Algorithm 256-bit) is part of the SHA-2 family designed by the NSA and published in 2001. It produces a 256-bit (64 hexadecimal character) hash and is currently the most widely used cryptographic hash algorithm.
SHA-256 is used in: SSL/TLS certificates, Bitcoin and most cryptocurrencies, code signing, digital signatures, HMAC authentication, and most modern security protocols.
// SHA-256 example Input: "Hello, World!" Output: dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986d
Common Use Cases
File integrity verification
Software downloads include a SHA-256 checksum. After downloading, compute the hash of the file and compare it to the published checksum. If they match, the file was not corrupted or tampered with during download.
Digital signatures
Instead of signing the entire document (which could be large), sign the hash of the document. The hash is small and fixed-size, making signing fast and efficient.
HMAC authentication
HMAC (Hash-based Message Authentication Code) uses a hash function with a secret key to authenticate API requests. The sender computes HMAC-SHA256(message, secret) and includes it in the request header.
Content addressing
Git uses SHA-1 (transitioning to SHA-256) to identify commits, trees, and blobs. Each object is identified by the hash of its content, making it impossible to change history without changing all subsequent hashes.
Deduplication
Hash files to detect duplicates. If two files have the same hash, they are identical. Used in backup systems, cloud storage, and content delivery networks.
Why Not Use SHA-256 for Passwords?
SHA-256 is too fast for password hashing. A modern GPU can compute 10+ billion SHA-256 hashes per second, making brute-force attacks feasible. For passwords, use purpose-built slow algorithms:
- bcrypt โ Intentionally slow, built-in salting, widely supported. Good default choice.
- scrypt โ Memory-hard, resistant to GPU attacks. Good for high-security applications.
- Argon2 โ Winner of the Password Hashing Competition (2015). Best choice for new applications.
Generate Hashes Online
Compute MD5, SHA-1, SHA-256, and SHA-512 hashes instantly in your browser.
Hash Generator โ