Hash Functions Explained: MD5, SHA-1, SHA-256 in Practice
Hash functions are everywhere in modern software — checksums, password storage, content addressing, blockchain. But "use SHA-256 for everything" is bad advice. Different hash functions exist for different purposes. Here's the 2026 guide.
What a hash function does
Takes any-size input. Returns a fixed-size output (the "hash" or "digest"). The same input always gives the same output. A tiny input change produces a totally different output (the "avalanche effect").
Properties we want from cryptographic hashes
- Pre-image resistance: given hash, can't find input
- Second pre-image resistance: given input, can't find different input with same hash
- Collision resistance: can't find any two inputs with same hash
The major hash functions in 2026
MD5 (1992)
- Output: 128 bits (32 hex chars)
- Status: broken for cryptographic use since 2004 (collisions in seconds)
- Still fine for: file integrity checks where you trust the source, database row deduplication, cache keys
- Don't use for: passwords, signatures, security-critical anything
SHA-1 (1995)
- Output: 160 bits (40 hex chars)
- Status: collision attack demonstrated in 2017 (SHAttered)
- Still in use for: Git commits (transitioning to SHA-256)
- Don't use for: anything new
SHA-256 (2001, SHA-2 family)
- Output: 256 bits (64 hex chars)
- Status: secure, no practical attacks
- The default cryptographic hash in 2026
- Used by: Bitcoin, TLS certificates, JWT signatures, modern Git
SHA-512 (2001)
- Output: 512 bits
- Status: secure, slightly faster than SHA-256 on 64-bit CPUs
- Use case: when 256 bits is overkill anyway, prefer SHA-256 for compatibility
SHA-3 / Keccak (2015)
- Output: 224, 256, 384, 512 bits
- Status: secure, designed as backup if SHA-2 ever falls
- Used by: Ethereum (Keccak-256 variant)
BLAKE3 (2020)
- Output: arbitrary, default 256 bits
- Status: secure, 3-10x faster than SHA-256
- Use case: high-throughput hashing, content addressing
bcrypt / scrypt / Argon2 (password hashes)
- NOT the same as cryptographic hashes
- Designed to be slow, with adjustable cost parameter
- Includes salt to prevent rainbow tables
- Use Argon2id for new password storage in 2026
Speed comparison (1GB input, modern CPU)
| Algorithm | Time | Status |
|---|---|---|
| MD5 | 1.2s | Broken for crypto |
| SHA-1 | 1.8s | Broken for crypto |
| SHA-256 | 3.4s | Secure |
| SHA-512 | 2.4s | Secure |
| BLAKE3 | 0.4s | Secure, modern |
Common use cases and the right hash
File integrity check (downloaded a file, want to verify)
SHA-256 is the modern default. SHA-1 still appears (Git, older Linux distros) but is weak.
Password storage
NEVER use raw cryptographic hashes (SHA-256, MD5). Use Argon2id, bcrypt, or scrypt with a salt.
Cache key / database deduplication
MD5 or xxHash are fine — speed matters more than collision resistance. CRC32 also works for small data.
Content-addressable storage (Git, IPFS)
SHA-256 or BLAKE3. Git is migrating to SHA-256.
Digital signatures (JWT, TLS)
SHA-256 paired with RSA or ECDSA. SHA-512 if you need extra margin.
Blockchain (proof of work)
SHA-256 (Bitcoin), Keccak-256 (Ethereum), Scrypt (Litecoin), Equihash (Zcash).
Generating an ID from content
SHA-256 truncated to 16 bytes is fine. Or use a UUIDv5 with a namespace.
Generating hashes in different languages
// JavaScriptconsthash =awaitcrypto.subtle.digest('SHA-256',newTextEncoder().encode(text));consthex =Array.from(newUint8Array(hash)).map(b => b.toString(16).padStart(2,'0')).join('');# Pythonimporthashlib hashlib.sha256(text.encode()).hexdigest()// Goimport"crypto/sha256"hash := sha256.Sum256([]byte(text))# Bashecho -n"text"| sha256sum
HMAC: hash + secret key
HMAC-SHA256 is the standard for message authentication. It combines a secret key with a message and produces a tag — anyone with the key can verify, no one else can forge.
importhmac, hashlib sig = hmac.new(secret, message, hashlib.sha256).hexdigest()
Used by: webhooks (Stripe, GitHub), JWT HS256, AWS SigV4.
Why "just use SHA-256 with salt for passwords" is wrong
SHA-256 is fast — billions of hashes per second on a GPU. Even with salt, an attacker with your hash database can crack 8-character passwords in hours.
Argon2id is intentionally slow (configurable to 100ms+ per hash) and uses lots of memory, defeating GPU/ASIC attacks.
Tools
- Hash generator — MD5, SHA-1, SHA-256, SHA-512 in the browser
- JWT decoder — see HMAC-SHA256 in action
Bottom line
Default to SHA-256 for cryptographic needs. Use Argon2id for passwords. Use BLAKE3 when speed matters. Use MD5 only for non-security checks. Never use SHA-1 for new code.
Try the free dev tools suite
15+ tools. 100% client-side. No signup. No tracking.
Browse all tools →