Dev / IT6 min read

MD5 vs SHA-1 vs SHA-256 vs SHA-512: Hash Functions Explained

Understand cryptographic hash functions, the differences between MD5, SHA-1, SHA-256, and SHA-512, and which one to use for your security needs.

What is a Cryptographic Hash Function?

A cryptographic hash function takes an input of any size and produces a fixed-size output (the hash or digest). Hash functions are one-way — you can compute the hash from the input, but you cannot recover the input from the hash. Even a tiny change in the input produces a completely different hash (the avalanche effect).

Key Properties

MD5

MD5 produces a 128-bit (32 hex character) hash. It was widely used but is now considered cryptographically broken. Collision attacks have been demonstrated — two different files can produce the same MD5 hash.

MD5("Hello World") = b10a8db164e0754105b7a99be72e3fe5

⚠️ Do NOT use MD5 for security purposes — passwords, certificate fingerprints, or digital signatures. Use only for non-security checksums like file integrity verification in trusted environments.

SHA-1

SHA-1 produces a 160-bit (40 hex character) hash. Like MD5, it has been broken — collision attacks have been demonstrated (Google's SHAttered attack in 2017). Major browsers no longer accept SSL certificates signed with SHA-1.

SHA1("Hello World") = 0a4d55a8d778e5022fab701977c5d840bbc486d0

SHA-256

SHA-256 is part of the SHA-2 family and produces a 256-bit (64 hex character) hash. It is the current standard for most security applications, including SSL/TLS certificates, Bitcoin, JWT signatures, and code signing.

SHA256("Hello World") = a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e

SHA-512

SHA-512 produces a 512-bit (128 hex character) hash. It is more secure than SHA-256 but slower on 32-bit systems. It performs better on 64-bit systems due to its 64-bit operations. Use SHA-512 for password hashing combined with a proper algorithm like bcrypt or Argon2.

Comparison Table

AlgorithmOutput SizeSpeedSecurity StatusUse Case
MD5128-bit (32 chars)Very fast❌ BrokenLegacy checksums only
SHA-1160-bit (40 chars)Fast❌ BrokenLegacy only
SHA-256256-bit (64 chars)Fast✅ SecureSSL, JWT, Bitcoin, general use
SHA-384384-bit (96 chars)Medium✅ SecureHigh-security applications
SHA-512512-bit (128 chars)Fast on 64-bit✅ SecurePassword hashing base, file integrity

Practical Use Cases

TRY THE FREE TOOL

Hash Generator

Generate MD5, SHA-256, SHA-512 hashes

Open Tool →
← Back to all articles