Guides Pricing

Guide

MD5 vs SHA-256 vs SHA-512: which hash to use

Understand cryptographic hashes, why MD5 and SHA-1 are broken for security, and when to reach for SHA-256 or SHA-512 — with a hasher built in.

Try it — SHA-256 Hash Generator
#
SHA-256 Hash Generator
⌃⏎ run · clear · / focus input
⇅ drop a file to hash it

A cryptographic hash turns any input — a word, a file, a gigabyte of video — into a fixed-length string of bytes called a digest. The same input always produces the same digest, and a tiny change to the input produces a completely different one. Paste any text into the hasher above to watch this in action.

What a hash is for

Hashes answer one question: is this exactly the data I expected? They power file integrity checks, digital signatures, deduplication, and content addressing. A good cryptographic hash has three properties:

  • One-way — given a digest, you cannot feasibly compute the input.
  • Deterministic — the same input always yields the same digest.
  • Collision-resistant — you cannot feasibly find two different inputs with the same digest.

That third property is where the older algorithms have failed.

The one-way property

Hashing is not encoding or encryption — there is no reverse function. You cannot decode a digest back to its input the way you can decode Base64. The only way to "reverse" a hash is to guess inputs, hash each one, and look for a match. This is exactly why short or predictable inputs (like unsalted passwords) are vulnerable: an attacker precomputes digests for billions of likely inputs and looks yours up.

Digest sizes

Input: "snaptools"

MD5      9 e 1 0 ...  →  128 bits  (32 hex chars)
SHA-1    b a 7 c ...  →  160 bits  (40 hex chars)
SHA-256  4 f 8 a ...  →  256 bits  (64 hex chars)
SHA-512  d 2 1 e ...  →  512 bits  (128 hex chars)

A larger digest gives more room before collisions become statistically possible, but size alone does not make an algorithm secure — the internal design matters more.

Why MD5 and SHA-1 are broken

MD5 and SHA-1 are no longer collision-resistant. Researchers have produced real, practical collisions: two distinct files with identical digests. That breaks every security use that depends on uniqueness — signatures, certificates, tamper detection.

Concretely, do not use MD5 or SHA-1 for:

  • Password storage
  • Digital signatures or certificates
  • Verifying that a file was not maliciously altered

MD5 remains fine for one narrow job: a fast checksum to catch accidental corruption (a bad download, a flipped bit on disk), where no attacker is involved.

SHA-256 and SHA-512 are the current standard

For anything where an attacker might try to forge data, use the SHA-2 familySHA-256 or SHA-512. Both are widely deployed, well-analyzed, and have no known practical collision attacks. SHA-256 is the sensible default; choose SHA-512 when you want a longer digest or are on 64-bit hardware where it can be faster. SHA-3 is a newer, structurally different family that is also a solid choice.

Passwords need a password hash, not a plain hash

This is the most common and most dangerous mistake. SHA-256 is fast, and speed is the enemy of password storage — it lets an attacker test billions of guesses per second. Passwords need a purpose-built password hashing function:

  • bcrypt — battle-tested, has a tunable cost factor.
  • argon2 — modern, memory-hard, resists GPU attacks; argon2id is a strong default.

These functions are deliberately slow and apply a unique salt per password so identical passwords never share a digest. In short:

  • General integrity / signatures / fingerprints → SHA-256 or SHA-512.
  • Accidental-corruption checksums only → MD5 is tolerable.
  • Passwords → bcrypt or argon2, never a plain hash.

Use the hasher above to compare digests across algorithms, but remember it is a fingerprinting tool — not a place to store anything secret.

Frequently asked questions

No. A cryptographic hash is one-way by design. The only practical way to find the input behind a hash is to try candidate inputs and compare digests, which is why weak inputs and weak algorithms are dangerous.
Not for anything security-related. MD5 is broken — attackers can produce two different inputs with the same hash (a collision) cheaply. It is acceptable only for non-security checksums like detecting accidental file corruption.
Both are part of the SHA-2 family and are considered secure. SHA-256 produces a 256-bit digest; SHA-512 produces a 512-bit digest and can be faster on 64-bit hardware. SHA-256 is the common default.
No. Plain hashes are too fast, which makes them easy to brute-force. Use a dedicated password hash such as bcrypt or argon2, which are deliberately slow and salted.
A collision is when two different inputs produce the same hash. A secure hash makes finding one computationally infeasible. MD5 and SHA-1 no longer hold that property.

Related

Esc
↑↓ navigate open Esc close