Hash Algorithms Cheatsheet
A quick reference for common cryptographic and non-cryptographic hash algorithms — output sizes, security status, and when to use each.
Try the Hash GeneratorSections
Cryptographic Hash Functions
| Algorithm | Output Size | Status | Common Use |
|---|---|---|---|
MD5 | 128 bits (32 hex) | Broken | |
SHA-1 | 160 bits (40 hex) | Broken | |
SHA-224 | 224 bits (56 hex) | Secure | |
SHA-256 | 256 bits (64 hex) | Secure | |
SHA-384 | 384 bits (96 hex) | Secure | |
SHA-512 | 512 bits (128 hex) | Secure | |
SHA3-256 | 256 bits (64 hex) | Secure | |
BLAKE3 | 256 bits default | Secure |
Password Hashing Functions
| Algorithm | Type | Recommended? | Notes |
|---|---|---|---|
bcrypt | Adaptive KDF | Yes | |
Argon2id | Memory-hard KDF | Yes (preferred) | |
scrypt | Memory-hard KDF | Yes | |
PBKDF2 | Iterated KDF | Acceptable | |
SHA-256 (plain) | Hash | No | |
MD5 (plain) | Hash | No |
Non-Cryptographic Hash Functions
| Algorithm | Speed | Use Case |
|---|---|---|
CRC32 | Very fast | Error detection in network packets, ZIP files. Not collision-resistant. |
MurmurHash3 | Very fast | Hash tables, bloom filters. Not suitable for security. |
FNV-1a | Fast | Hash maps, checksums. Simple to implement. |
xxHash | Extremely fast | File deduplication, data pipelines. Very high throughput. |
When to Use Which Algorithm
| Scenario | Recommended Algorithm |
|---|---|
Storing user passwords | Argon2id (preferred) or bcrypt (cost ≥ 12) |
Signing JWTs | HS256 (shared secret) or RS256/ES256 (asymmetric) |
File integrity check | SHA-256 or SHA-512 |
TLS certificate hashing | SHA-256 (SHA-1 is deprecated) |
API request signing (HMAC) | HMAC-SHA256 |
Hash table / cache key | xxHash, MurmurHash3 (non-cryptographic) |
Non-security checksum | MD5 or CRC32 (fast, collision-resistant enough) |
Deduplication pipeline | BLAKE3 or xxHash for speed |
How to Generate Cryptographic Hashes
A practical guide to hashing — understand what hash functions do, the difference between MD5, SHA-1, SHA-256, and SHA-512, and how to generate hashes in JavaScript, Python, and the terminal.
Read guide →How to Hash a Password Correctly
A practical guide to storing passwords securely — why plain hashing is wrong, which algorithms to use, how salting works, and what a safe implementation looks like.
Read guide →How to Sign API Requests with HMAC
A practical guide to HMAC request signing — what it proves, how to construct a canonical request, sign it with a shared secret, and verify it on the server.
Read guide →