MD5 vs SHA-256
MD5 and SHA-256 both convert input data into a fixed-size hash digest, but they were designed in different eras and have very different security properties. MD5 is broken for security purposes; SHA-256 is the current standard.
MD5
MD5 (Message Digest 5) produces a 128-bit (32 hex character) hash. It was designed in 1991 and is extremely fast. MD5 collision attacks are practical on modern hardware — two different inputs can be engineered to produce the same hash.
Use cases
- Checksums for verifying file integrity in non-adversarial contexts (e.g. checking a download completed without corruption)
- Cache keys and ETag generation where security is not required
- Database deduplication where speed matters more than collision resistance
- Legacy systems that cannot be migrated to stronger algorithms
Strengths
- Very fast to compute — useful for high-throughput checksumming
- Short 32-character output is easy to store and compare
- Universally supported across all languages and systems
Limitations
- Cryptographically broken — collision attacks are practical
- Should never be used for password hashing, digital signatures, or TLS
- 128-bit output is too short for modern security requirements
SHA-256
SHA-256 (Secure Hash Algorithm 256-bit) is part of the SHA-2 family, standardised by NIST in 2001. It produces a 256-bit (64 hex character) digest. No practical collision attacks exist against SHA-256.
Use cases
- Digital signatures and certificate fingerprints (TLS, code signing)
- HMAC message authentication in APIs and webhooks
- Content-addressable storage and file integrity verification
- Blockchain and cryptocurrency (Bitcoin uses SHA-256 for proof of work)
Strengths
- No known practical collision or preimage attacks
- Standardised by NIST and approved for use in government and financial systems
- 256-bit output provides a large security margin against brute force
Limitations
- Slower than MD5, though still fast enough for most use cases
- 64-character hex output is longer to store and transmit
- Not suitable for password hashing — use bcrypt, scrypt, or Argon2 instead
Never use MD5 for anything security-sensitive — it is cryptographically broken. Use SHA-256 for checksums, digital signatures, HMAC authentication, and any context where an adversary might try to forge or tamper with the hash. For password storage, neither MD5 nor SHA-256 is appropriate — use a purpose-built password hashing algorithm like bcrypt, scrypt, or Argon2 instead.
Is MD5 completely useless today?
MD5 is still useful for non-security purposes like checksumming downloaded files for accidental corruption (not adversarial tampering), generating cache keys, or computing ETags. It is only broken in contexts where an attacker can craft a collision — which requires an adversary. For security-sensitive use cases, always prefer SHA-256 or stronger.
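The distinction above between accidental corruption and adversarial tampering can be enforced in code. This added example (not part of the original page) infers the algorithm from the digest size given on this page and refuses an MD5 digest when the check is meant to detect tampering; the function names and the `adversarial` flag are assumptions of the example.

```python
import hashlib
import hmac

# Digest size in bytes -> algorithm, from the sizes on this page
# (128-bit MD5, 256-bit SHA-256). Assumption: no other algorithms are in use.
ALGORITHM_BY_SIZE = {16: "md5", 32: "sha256"}
# Algorithms allowed to back a decision an adversary may try to influence.
TAMPER_RESISTANT = {"sha256"}


class ChecksumPolicyError(ValueError):
    """The published digest is malformed or too weak for the requested use."""


def digest_stream(stream, algorithm, chunk_size=64 * 1024):
    """Hash a binary stream in chunks so large files never sit in memory."""
    # usedforsecurity=False lets MD5 run as a plain checksum on FIPS builds.
    h = hashlib.new(algorithm, usedforsecurity=algorithm in TAMPER_RESISTANT)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.digest()


def verify_download(stream, expected_hex, adversarial=True):
    """Return True if the stream matches the published hex digest.

    adversarial=True:  the check must detect deliberate tampering; MD5 is refused.
    adversarial=False: the check only detects accidental corruption; MD5 is allowed.
    """
    try:
        expected = bytes.fromhex(expected_hex.strip())
    except ValueError as exc:
        raise ChecksumPolicyError("digest is not valid hex") from exc
    algorithm = ALGORITHM_BY_SIZE.get(len(expected))
    if algorithm is None:
        raise ChecksumPolicyError("unrecognised digest size: %d bytes" % len(expected))
    if adversarial and algorithm not in TAMPER_RESISTANT:
        raise ChecksumPolicyError("%s cannot be used to detect tampering" % algorithm)
    # Constant-time comparison of the raw digest bytes.
    return hmac.compare_digest(digest_stream(stream, algorithm), expected)
```

The `usedforsecurity` keyword requires Python 3.9 or later.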
Can SHA-256 be used to hash passwords?
No. SHA-256 is too fast — a GPU can compute billions of SHA-256 hashes per second, making brute-force attacks against hashed passwords practical. Password hashing requires a deliberately slow algorithm with a cost factor that can be increased over time. Use bcrypt, scrypt, or Argon2 for passwords.
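An added example (not from the original page) of a password hash with a cost factor that can be raised over time, using scrypt from Python's standard library. The storage format `scrypt$<n>$<salt>$<key>`, the function names and the default parameters are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

# Assumed work factors for this example; raise DEFAULT_N as hardware gets faster.
DEFAULT_N, R, P, KEY_LEN = 2**14, 8, 1, 32


def _scrypt(password, salt, n):
    # scrypt needs roughly 128 * n * r bytes, so maxmem is sized from the cost.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=R, p=P,
                          maxmem=256 * n * R, dklen=KEY_LEN)


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, n=DEFAULT_N):
    """Return 'scrypt$<n>$<salt>$<key>' with a fresh random salt per password."""
    salt = os.urandom(16)
    return "scrypt$%d$%s$%s" % (n, _b64(salt), _b64(_scrypt(password, salt, n)))


def verify_password(password, stored):
    """Recompute the key with the cost and salt recorded in the stored string."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "scrypt":
        return False
    _, n, salt_b64, key_b64 = parts
    expected = base64.b64decode(key_b64)
    actual = _scrypt(password, base64.b64decode(salt_b64), int(n))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored, n=DEFAULT_N):
    """True when the record was created with a lower cost than the current one."""
    return int(stored.split("$")[1]) < n
```

Because the cost is stored with each record, old hashes keep verifying after `DEFAULT_N` is raised, and `needs_rehash` identifies records to upgrade at the user's next successful login.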
What is SHA-512 and should I use it instead of SHA-256?
SHA-512 is part of the same SHA-2 family and produces a 512-bit digest. It is faster than SHA-256 on 64-bit CPUs. Both have equivalent security margins for practical purposes. SHA-256 is more widely supported and is the default recommendation for most use cases.