Hash Generator: MD5, SHA-1, SHA-256 and When to Use Each

A hash function takes an input of any size and produces a fixed-size output called a hash, digest or checksum. The same input always produces the same output. A change to even a single character of the input produces a completely different output. This combination of determinism and sensitivity to change makes hashes useful for verifying data integrity, storing passwords securely, and creating identifiers for content.

Hash functions are one-way operations. Given the hash output, there is no algorithm to recover the original input. This irreversibility is fundamental to most security applications of hashing. It means you can verify that someone knows a password without storing the password itself, and you can confirm that a file has not been modified without storing the original file for comparison.

MD5 and why it should not be used for security

MD5 produces a 128-bit hash represented as 32 hexadecimal characters. It was widely used through the 1990s and early 2000s for checksums, password storage and digital signatures. It is fast to compute and the output format is compact. These properties made it popular when it was introduced.

MD5 is now considered cryptographically broken for security purposes. Researchers have demonstrated practical collision attacks, meaning it is possible to construct two different inputs that produce the same MD5 hash. This breaks any application that relies on MD5 hashes being unique to a specific input. Password databases protected with MD5 are vulnerable to precomputed rainbow table attacks and GPU-accelerated brute force. MD5 should not be used for any new security-related application.

Where MD5 remains useful is for non-security checksums where collision resistance is not required. Verifying that a large file transferred without corruption, checking whether a cached file has changed, or generating a quick fingerprint for deduplication are all appropriate uses because the adversarial threat model does not apply.

SHA-1 and its deprecation

SHA-1 produces a 160-bit hash represented as 40 hexadecimal characters. It was the successor to MD5 and addressed some of its weaknesses. SHA-1 was the standard for SSL certificates, code signing and version control systems including early Git for many years.

SHA-1 was deprecated for security-critical applications after theoretical attacks were demonstrated and eventually a practical collision was computed in 2017. Major browsers stopped accepting SHA-1 certificates. Certificate authorities stopped issuing them. For security purposes, SHA-1 is in the same category as MD5: broken and unsuitable for new use.

Git uses SHA-1 for its object identifiers but in a context where the threat model is different from most cryptographic uses. The content-addressed nature of Git means a collision would require both inputs to produce valid Git objects, which is a harder constraint than a general collision. Git has been migrating toward SHA-256 as an option for new repositories.

SHA-256 and the SHA-2 family

SHA-256 produces a 256-bit hash and is part of the SHA-2 family, which also includes SHA-224, SHA-384 and SHA-512. SHA-256 is the current recommended general-purpose hash function for most applications. No practical attacks against SHA-2 have been demonstrated, and it is the standard for TLS certificates, code signing, cryptocurrency applications and most modern security protocols.

SHA-256 is slower to compute than MD5 or SHA-1, which is actually a feature in the context of password hashing. Password hashing wants to be slow to make brute-force attacks expensive. However, for password storage specifically, SHA-256 alone is not sufficient. It needs to be combined with a salt and an iterated computation using a function designed specifically for passwords like bcrypt, scrypt or Argon2.

Practical uses for hashing

File integrity verification is one of the most common practical uses. Software downloads often include a hash of the file alongside the download link. After downloading, computing the hash of the downloaded file and comparing it to the published hash confirms the file was not modified in transit or storage. This protects against both accidental corruption and deliberate tampering.

Content-based deduplication uses hashes to identify identical files without comparing them byte by byte. Two files with the same hash are almost certainly identical. Scanning a large collection of files for duplicates by comparing their hashes is much faster than comparing file contents directly.

Etags in HTTP caching are hashes or hash-like identifiers of resource content. When a resource changes, its Etag changes. Browsers and proxies use Etags to determine whether cached content is still valid without downloading the full resource.

Open the Hash Generator below.
Paste the text or data you want to hash.
Select the hash algorithm: MD5, SHA-1, SHA-256 or others.
Copy the resulting hash for your use.

💡 For new applications, start with SHA-256 unless you have a specific reason to use something else. It is secure, widely supported, and produces a manageable output size for most purposes.

Generate MD5, SHA-1, SHA-256 and other hash values instantly.

Salting and password hashing

Storing passwords securely in a database requires more than hashing alone. Two users with the same password would produce the same hash, which makes it possible for an attacker who obtains the hash database to identify accounts with matching passwords and to use precomputed tables of common password hashes to crack many accounts at once.

A salt is a random value generated uniquely for each user and combined with the password before hashing. The salt is stored alongside the hash in the database. Because each user has a unique salt, two users with the same password produce different hashes. Precomputed tables are useless because the attacker would need to build a separate table for every possible salt value, which is computationally infeasible.

Password-specific hashing algorithms like bcrypt, scrypt and Argon2 incorporate salting automatically and add a configurable work factor that controls how computationally expensive the hash computation is. Higher work factors make cracking slower without significantly affecting verification speed for legitimate logins. These algorithms are the current standard for password storage and should be used instead of general-purpose hash functions applied directly to passwords.

Hash functions in version control

Git uses SHA-1 hashes to identify every object in its object store, including commits, trees, blobs and tags. The hash of a commit is derived from its content including the commit message, author, timestamp and the hashes of its parent commits. This means the hash of a commit cryptographically encodes the entire history of the repository up to that point. Changing any historical commit changes its hash and the hashes of all subsequent commits, making history tampering detectable.

The collision resistance of SHA-1 was the property that made it suitable for this use case. Now that practical collisions have been demonstrated, Git is migrating to SHA-256 for new repositories while maintaining backward compatibility for existing ones. The migration is complex because Git repository formats, protocols and tooling all assume SHA-1 identifiers.

Choosing the right hash function for your use case

The right hash function depends on the requirements of the specific use case. For password storage, use bcrypt, scrypt or Argon2 rather than any general-purpose hash function. For data integrity checks where performance matters and security is not a concern, MD5 or CRC32 are fast and widely supported. For security-sensitive integrity verification, use SHA-256 or SHA-3. For digital signatures and certificates, SHA-256 is the current standard. For content-addressed storage and deduplication at scale, the choice between SHA-256 and faster but less widely supported alternatives depends on the performance requirements.

Cryptographic agility, designing systems so the hash function can be changed without redesigning the entire system, is good practice because the history of cryptography shows that trusted algorithms are eventually compromised. Building systems that separate the choice of hash function from the logic that uses it makes future migrations possible without full rewrites.

Content delivery networks use hash-based cache busting to ensure browsers load updated versions of assets when they change. Including the hash of the file contents in the filename or URL means any change to the file produces a new URL, which the browser treats as a new resource and downloads fresh. This approach combines long cache lifetimes for unchanged assets with immediate cache invalidation for changed ones, providing both performance and correctness.

Message authentication codes, which are keyed hash functions, verify both the integrity and the authenticity of data. Unlike a plain hash, which anyone can compute, a MAC requires knowledge of the secret key to produce. API request signing uses MACs to allow servers to verify that a request came from a client that knows the secret key without transmitting the key itself. HMAC-SHA256 is the most widely used MAC construction for this purpose.