{}
hashmd5sha256securitycryptography

MD5 vs SHA-256: Understanding Hash Functions

Compare MD5 and SHA-256 hash functions - how they work, their differences, and when to use each one.

April 10, 2024ยท7 min read

What is a Hash Function?

A cryptographic hash function takes input of any size and produces a fixed-size output (the hash or digest). The same input always produces the same output, but even a tiny change in input produces a completely different hash.

MD5

  • Output: 128 bits (32 hex characters)
  • Example: md5("hello") = 5d41402abc4b2a76b9719d911017c592
  • Status: Cryptographically broken for security use
  • Still useful for: file checksums, non-security deduplication

SHA-1

  • Output: 160 bits (40 hex chars)
  • Status: Deprecated - collision attacks demonstrated in 2017
  • Avoid for new security-critical applications

SHA-256

  • Output: 256 bits (64 hex chars)
  • Example: sha256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
  • Status: Currently secure - industry standard
  • Used in: Bitcoin, TLS certificates, password hashing schemes

SHA-3 (Keccak)

  • Completely different algorithm from SHA-2
  • Same output sizes but different design
  • Alternative if SHA-2 is ever compromised

For Password Hashing

Never use raw MD5 or SHA-256 for passwords! Use purpose-built password hashing algorithms:

  • bcrypt - adaptive, slow by design
  • Argon2 - memory-hard, winner of the Password Hashing Competition
  • scrypt - memory-hard alternative

Try all hash algorithms with our Hash Generator.

โ† Back to Blog