Cryptographic hashing is the cornerstone of data integrity and digital security. A hash function takes input data of any size and converts it into a fixed-size string of characters — a digest or fingerprint. Unlike encryption, hashing is a one-way function: you cannot reverse a hash back to its original input. This property makes hashing invaluable for password storage, data verification, digital signatures, and blockchain technology.
But not all hashing algorithms are created equal. Some, like MD5, have been broken. Others, like SHA-256, remain mathematically secure. Understanding the difference is critical for any developer or security professional.
What Is a Cryptographic Hash Function?
A cryptographic hash function has five essential properties:
- Deterministic — The same input always produces the same output.
- Fast computation — The hash should be quick to compute for any input.
- Pre-image resistance — Given a hash output, it should be infeasible to find its input.
- Second pre-image resistance — Given an input, it should be infeasible to find a different input producing the same hash.
- Collision resistance — It should be infeasible to find any two distinct inputs that produce the same hash output.
When an algorithm fails any of these properties, it is considered cryptographically broken and should not be used for security.
MD5: Message Digest Algorithm 5
MD5 was designed by Ronald Rivest in 1991 as a replacement for MD4. It produces a 128-bit (16-byte) hash value, typically expressed as a 32-character hexadecimal string.
How MD5 Works
MD5 processes input in 512-bit blocks through four rounds of 16 operations each. It uses bitwise operations, modular addition, and sine functions to produce its 128-bit digest. The algorithm was widely adopted due to its simplicity and speed.
MD5 Vulnerabilities
MD5 is cryptographically broken. The key weaknesses are:
- Collision attacks (2004): Chinese researchers demonstrated the first practical MD5 collision — two distinct inputs producing the same hash.
- Chosen-prefix collisions (2008): Researchers showed they could create two different documents with arbitrary prefixes that shared the same MD5 hash. This was used to create a rogue Certificate Authority certificate.
- Speed works against it: MD5 was designed to be fast, which makes it vulnerable to brute-force and dictionary attacks when used for password hashing.
At just 128 bits, MD5's output space is too small to resist modern collision-finding techniques. A determined attacker with consumer hardware can find collisions in minutes.
When MD5 Is Still Used
Despite its weaknesses, MD5 has legitimate non-security uses:
- File deduplication: Identifying identical files where collisions are not a security concern.
- Non-critical checksums: Verifying file transfers where collision attacks are not a realistic threat model.
- Legacy system compatibility: Older databases and protocols that require MD5 for interoperability.
Never use MD5 for password hashing, digital signatures, certificate verification, or any security-critical application. Use SHA-256 or stronger.
SHA-256: Secure Hash Algorithm 2
SHA-256 is part of the SHA-2 family designed by the National Security Agency (NSA) and published by NIST in 2001. It produces a 256-bit (32-byte) hash value, expressed as a 64-character hexadecimal string.
How SHA-256 Works
SHA-256 processes input in 512-bit blocks through 64 compression rounds (compared to MD5's 16). It uses a different set of logical functions and constant values. The larger internal state (256 bits vs 128 bits) and more rounds make it significantly more resistant to cryptanalysis.
SHA-256 Security
SHA-256 is considered mathematically secure as of 2026. Key properties:
- No practical collisions discovered despite years of intensive analysis.
- Pre-image resistance is effectively 2^256, making brute-force infeasible with any foreseeable technology.
- Used in production by SSL/TLS certificates, blockchain (Bitcoin, Ethereum), code signing, and PGP.
- NIST-approved and recommended by global security standards.
The longest-known SHA-2 attack breaks 46 out of 64 rounds — still far from the full algorithm. Most cryptographers believe SHA-256 will remain secure for decades.
SHA-256 Use Cases
SHA-256 is appropriate for all security-critical hashing:
- File integrity verification: Download sites provide SHA-256 checksums to verify files haven't been tampered with.
- Digital signatures: Used with RSA or ECDSA to sign documents and code.
- Blockchain: Bitcoin uses double-SHA-256 for its proof-of-work system.
- Password hashing (with a salt): While SHA-256 is fast, it's best combined with key stretching like PBKDF2 or used within HMAC.
- Certificate transparency: Logs use SHA-256 to identify certificates.
MD5 vs SHA-256: Quick Comparison
| Property | MD5 | SHA-256 |
|---|---|---|
| Output size | 128 bits (16 bytes) | 256 bits (32 bytes) |
| Collision resistance | Broken | Secure |
| Pre-image resistance | Effectively 2^123.4 (reduced from 2^128) | 2^256 |
| Relative speed | 2x faster | Baseline (slower but more secure) |
| Rounds | 64 (4 rounds × 16 operations) | 64 |
| NIST standard | No | Yes |
| Best for | Non-critical checksums | Security-critical hashing |
Password Hashing: A Special Case
Neither MD5 nor SHA-256 is ideal for password hashing on their own. Both are designed to be fast, which makes them vulnerable to GPU-based brute-force attacks. For passwords, use dedicated password hashing functions:
- bcrypt — Built-in salt, adaptive cost factor, resistant to GPU attacks.
- Argon2 — Winner of the Password Hashing Competition, memory-hard, resistant to side-channel attacks.
- PBKDF2 — NIST-standardized, uses many iterations of HMAC-SHA-256.
Our Bcrypt Generator & Verifier helps you hash and verify passwords using bcrypt with configurable cost factors — all running locally in your browser.
Try It Yourself
Use the Hash Generator to compute MD5 and SHA-256 hashes for any text. See the difference in output length and try to appreciate the mathematical complexity difference — even though both functions appear similar from the outside, the internal machinery of SHA-256 is substantially more robust.
Related Tools
- Bcrypt Generator & Verifier — Secure password hashing with salt
- Text Encrypt / Decrypt — AES-256 encryption for sensitive messages
- File Encrypt & Decrypt — Protect files with AES-256-GCM
- UUID Generator — Generate unique identifiers