Hash Functions — MD5 vs SHA1 vs SHA256 vs bcrypt
A comprehensive comparison of cryptographic hash functions.
Algorithm Comparison
| Algorithm | Output Size | Security | Speed | Best For |
|---|---|---|---|---|
| MD5 | 128 bits (32 hex) | Broken — collision attacks possible | Very fast | Checksums, non-security (legacy only) |
| SHA-1 | 160 bits (40 hex) | Deprecated — theoretical attacks exist | Fast | Git commit IDs, legacy systems |
| SHA-256 | 256 bits (64 hex) | Secure — no known practical attacks | Moderate | Certificates, signatures, general-purpose |
| SHA-512 | 512 bits (128 hex) | Secure — no known practical attacks | Moderate | High-security applications |
| bcrypt | Variable (448 bits) | Secure — built-in salt + cost factor | Slow (intentionally) | Password hashing and storage |
| Argon2 | Variable | Secure — memory-hard, resistant to GPU attacks | Slow (intentionally) | Modern password hashing (recommended) |
Hash Output Examples
The same input produces a different output for each algorithm:
MD5
5d41402abc4b2a76b9719d911017c592
SHA-1
aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
SHA-256
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
bcrypt
$2b$12$LJ3m4ys3Lk/qZ8HcFJvqHOXKkKzYOdPJgRcQpYxZ6sFgTzWq3v5uS
Choosing the Right Hash Function
Password storage
Use bcrypt or Argon2. These are intentionally slow and include a salt to prevent rainbow table attacks. Never use MD5 or a plain SHA hash for passwords.
File integrity checks
Use SHA-256 or SHA-512. For non-critical checksums, MD5 is still common, but avoid it for security-sensitive verification.
Digital signatures
SHA-256 with RSA or ECDSA. SHA-256 is the standard for TLS certificates and code signing.
Data deduplication
SHA-256 or SHA-512. Use the same algorithm consistently. Consider the trade-off between collision probability and performance.
Key Concepts
Deterministic
Same input always produces the same hash output
One-way
Cannot reverse a hash to find the original input
Collision-resistant
Two different inputs should not produce the same hash
Avalanche effect
Changing one bit of input changes ~50% of output bits
Salt
Random data added to input before hashing (prevents rainbow tables)
Cost factor
Increases computation time to slow down brute-force attacks
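The concepts above (deterministic output, avalanche effect, salt, cost factor) in one runnable sketch, added here as an example and not part of the original page. bcrypt and Argon2 need third-party packages, so it uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in slow hash; the function names, the record format and the 600,000 iteration default are assumptions.

```python
import hashlib
import hmac
import os

# Stand-in for bcrypt/Argon2: PBKDF2 from the standard library.
# Record format and default cost are assumptions made for this example.

def unsalted_md5(password: str) -> str:
    """Anti-pattern: fast and deterministic, so equal passwords share one hash."""
    return hashlib.md5(password.encode()).hexdigest()

def avalanche(msg: bytes) -> float:
    """Fraction of SHA-256 output bits that change when one bit of a non-empty input flips."""
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]
    a = hashlib.sha256(msg).digest()
    b = hashlib.sha256(flipped).digest()
    changed = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return changed / (len(a) * 8)

def hash_password(password: str, iterations: int = 600_000) -> str:
    """Salted, deliberately slow hash; salt and cost are stored with the digest."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2-sha256" or rounds < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    pw = "hello"  # constructed sample input
    print("MD5 repeatable:", unsalted_md5(pw) == unsalted_md5(pw))
    print("avalanche:     ", round(avalanche(pw.encode()), 2))
    r1, r2 = hash_password(pw), hash_password(pw)
    print("salted equal:  ", r1 == r2)
    print("verify good:   ", verify_password(pw, r1))
    print("verify bad:    ", verify_password("hellp", r1))
```

Tune the iteration count to your own hardware and latency budget, and raise it over time; because the cost is stored in each record, old hashes still verify after the default changes.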
Frequently Asked Questions
What is the difference between MD5, SHA1, and SHA256?
MD5 (128-bit) is broken and should not be used for security. SHA-1 (160-bit) is deprecated. SHA-256 (256-bit) is currently secure and recommended for general-purpose hashing. Their primary differences are output size, security level, and speed.
Why should I not use MD5 for passwords?
MD5 is too fast and has known collision vulnerabilities. An attacker can compute billions of MD5 hashes per second using commodity hardware. For password storage, use bcrypt or Argon2, which are intentionally slow and include built-in salt.
What is the best hash function for password storage?
bcrypt and Argon2 are the current standards for password hashing. They are intentionally slow, include salt to prevent rainbow table attacks, and are resistant to GPU-based brute forcing. Never use MD5, SHA-1, or plain SHA-256 for passwords.
Is SHA-256 still secure?
Yes. SHA-256 is still secure with no known practical collision attacks. It is recommended for digital signatures, certificates, file integrity checks, and general-purpose hashing. However, it is not suitable for password storage because it is too fast.
What is a hash salt and why is it important?
A salt is a random value added to the input before hashing. It ensures that identical inputs produce different hash outputs, preventing attackers from using precomputed rainbow tables. bcrypt and Argon2 include salt automatically.