Guide
MD5 vs SHA-256 vs SHA-512: which hash to use
Understand cryptographic hashes, why MD5 and SHA-1 are broken for security, and when to reach for SHA-256 or SHA-512 — with a hasher built in.
A cryptographic hash turns any input — a word, a file, a gigabyte of video — into a fixed-length string of bytes called a digest. The same input always produces the same digest, and a tiny change to the input produces a completely different one. Paste any text into the hasher above to watch this in action.
What a hash is for
Hashes answer one question: is this exactly the data I expected? They power file integrity checks, digital signatures, deduplication, and content addressing. A good cryptographic hash has three properties:
- One-way — given a digest, you cannot feasibly compute the input.
- Deterministic — the same input always yields the same digest.
- Collision-resistant — you cannot feasibly find two different inputs with the same digest.
That third property is where the older algorithms have failed.
The one-way property
Hashing is not encoding or encryption — there is no reverse function. You cannot decode a digest back to its input the way you can decode Base64. The only way to "reverse" a hash is to guess inputs, hash each one, and look for a match. This is exactly why short or predictable inputs (like unsalted passwords) are vulnerable: an attacker precomputes digests for billions of likely inputs and looks yours up.
Digest sizes
Input: "snaptools"
MD5 9 e 1 0 ... → 128 bits (32 hex chars)
SHA-1 b a 7 c ... → 160 bits (40 hex chars)
SHA-256 4 f 8 a ... → 256 bits (64 hex chars)
SHA-512 d 2 1 e ... → 512 bits (128 hex chars)
A larger digest gives more room before collisions become statistically possible, but size alone does not make an algorithm secure — the internal design matters more.
Why MD5 and SHA-1 are broken
MD5 and SHA-1 are no longer collision-resistant. Researchers have produced real, practical collisions: two distinct files with identical digests. That breaks every security use that depends on uniqueness — signatures, certificates, tamper detection.
Concretely, do not use MD5 or SHA-1 for:
- Password storage
- Digital signatures or certificates
- Verifying that a file was not maliciously altered
MD5 remains fine for one narrow job: a fast checksum to catch accidental corruption (a bad download, a flipped bit on disk), where no attacker is involved.
SHA-256 and SHA-512 are the current standard
For anything where an attacker might try to forge data, use the SHA-2 family — SHA-256 or
SHA-512. Both are widely deployed, well-analyzed, and have no known practical collision attacks.
SHA-256 is the sensible default; choose SHA-512 when you want a longer digest or are on 64-bit
hardware where it can be faster. SHA-3 is a newer, structurally different family that is also a
solid choice.
Passwords need a password hash, not a plain hash
This is the most common and most dangerous mistake. SHA-256 is fast, and speed is the enemy of password storage — it lets an attacker test billions of guesses per second. Passwords need a purpose-built password hashing function:
- bcrypt — battle-tested, has a tunable cost factor.
- argon2 — modern, memory-hard, resists GPU attacks; argon2id is a strong default.
These functions are deliberately slow and apply a unique salt per password so identical passwords never share a digest. In short:
- General integrity / signatures / fingerprints → SHA-256 or SHA-512.
- Accidental-corruption checksums only → MD5 is tolerable.
- Passwords → bcrypt or argon2, never a plain hash.
Use the hasher above to compare digests across algorithms, but remember it is a fingerprinting tool — not a place to store anything secret.