MD5 vs SHA-256: Which Hash Algorithm Should You Use?
Hash functions are everywhere in software engineering β from verifying file downloads to storing passwords to building data structures. But with multiple algorithms available, which one should you choose?
What Is a Hash Function?
A cryptographic hash function takes input of any size and produces a fixed-size output (the βdigestβ or βhashβ). Key properties:
- Deterministic β the same input always produces the same hash
- Fast to compute β hashing a file should be quick
- One-way β you cannot reverse a hash to recover the original input
- Collision-resistant β it should be infeasible to find two inputs that produce the same hash
- Avalanche effect β a tiny change in input produces a completely different hash
MD5 at a Glance
| Property | Value |
|---|---|
| Output size | 128 bits (32 hex characters) |
| Published | 1992 (Ron Rivest) |
| Speed | Very fast |
| Security status | Broken β collision attacks demonstrated in 2004 |
Example: md5("hello") = 5d41402abc4b2a76b9719d911017c592
SHA-256 at a Glance
| Property | Value |
|---|---|
| Output size | 256 bits (64 hex characters) |
| Published | 2001 (NSA/NIST) |
| Speed | Slower than MD5 (roughly 3-5x) |
| Security status | Secure β no known practical attacks |
Example: sha256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
Security: The Critical Difference
MD5 is cryptographically broken. In 2004, researchers demonstrated that itβs possible to create two different inputs that produce the same MD5 hash (a βcollisionβ). In 2008, researchers used MD5 collisions to create a rogue SSL certificate. In 2012, the Flame malware used an MD5 collision to forge a Microsoft code-signing certificate.
This means MD5 should never be used for:
- Password hashing
- Digital signatures
- Certificate validation
- Any security-critical application
SHA-256 remains secure. No practical collision attacks have been found. It is part of the SHA-2 family designed by the NSA and standardized by NIST. Itβs used in TLS/SSL certificates, Bitcoin mining, code signing, and modern password hashing schemes.
Code Examples
Python
import hashlib
text = "Hello, World!"
# MD5
md5_hash = hashlib.md5(text.encode()).hexdigest()
print(f"MD5: {md5_hash}")
# 65a8e27d8879283831b664bd8b7f0ad4
# SHA-256
sha256_hash = hashlib.sha256(text.encode()).hexdigest()
print(f"SHA-256: {sha256_hash}")
# dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f
# Hash a file
with open("document.pdf", "rb") as f:
file_hash = hashlib.sha256(f.read()).hexdigest()
Node.js
const crypto = require('crypto');
const text = 'Hello, World!';
// MD5
const md5 = crypto.createHash('md5').update(text).digest('hex');
console.log(`MD5: ${md5}`);
// SHA-256
const sha256 = crypto.createHash('sha256').update(text).digest('hex');
console.log(`SHA-256: ${sha256}`);
// HMAC-SHA256 (for API authentication)
const hmac = crypto.createHmac('sha256', 'secret-key')
.update(text)
.digest('hex');
console.log(`HMAC: ${hmac}`);
Bash / Command Line
# Hash a string
echo -n "Hello, World!" | md5sum
echo -n "Hello, World!" | sha256sum
# Hash a file
md5sum document.pdf
sha256sum document.pdf
# Verify a file against a known hash
echo "expected_hash document.pdf" | sha256sum --check
Go
import (
"crypto/md5"
"crypto/sha256"
"fmt"
)
data := []byte("Hello, World!")
md5Hash := fmt.Sprintf("%x", md5.Sum(data))
sha256Hash := fmt.Sprintf("%x", sha256.Sum256(data))
When to Use MD5 (Yes, There Are Valid Cases)
Despite being cryptographically broken, MD5 is still useful for non-security applications:
- Checksums for data integrity β verifying file transfers, cache invalidation, detecting accidental corruption. An attacker can forge an MD5 collision, but accidental corruption producing the same hash is still astronomically unlikely.
- Hash tables and deduplication β as a fast hash for data structures where security isnβt a concern.
- Content-addressable storage β Git uses SHA-1 (also broken), but itβs acceptable because the threat model doesnβt involve active collision attacks.
- Legacy system compatibility β when interacting with systems that require MD5.
Key principle: If the threat model includes a malicious adversary who might craft collisions, donβt use MD5. If youβre just detecting accidental changes, MD5 is fine and faster.
When to Use SHA-256
- Password hashing β though never alone; use bcrypt, scrypt, or Argon2 which use SHA-256 internally with salting and key stretching
- Digital signatures and certificates
- HMAC for API authentication (HMAC-SHA256)
- File integrity in adversarial environments (software distribution, blockchain)
- Any new project where security matters
Performance Comparison
SHA-256 is roughly 3-5x slower than MD5 for the same input. On modern hardware:
| Algorithm | Speed (approx.) | Output |
|---|---|---|
| MD5 | ~600 MB/s | 32 hex chars |
| SHA-256 | ~200 MB/s | 64 hex chars |
| BLAKE3 | ~1,000 MB/s | 64 hex chars |
For most applications, this difference is negligible. If youβre hashing millions of small values per second (like in a hash table), the speed difference might matter β but then you should consider non-cryptographic hash functions like xxHash or FNV instead.
Beyond MD5 and SHA-256
| Algorithm | Output | Status | Use case |
|---|---|---|---|
| MD5 | 128-bit | Broken | Non-security checksums |
| SHA-1 | 160-bit | Broken | Legacy (Git), being phased out |
| SHA-256 | 256-bit | Secure | General-purpose secure hashing |
| SHA-512 | 512-bit | Secure | When you need a longer hash |
| SHA-3 | Variable | Secure | Alternative to SHA-2, different design |
| BLAKE3 | 256-bit | Secure | Very fast, modern design |
For password storage specifically, none of the above are appropriate on their own. Use purpose-built password hashing functions like bcrypt, scrypt, or Argon2 β they add salting and deliberate slowness to resist brute-force attacks.
Try It Yourself
Use our Hash Generator to compute MD5 and SHA-256 hashes of any text β entirely in your browser with no server involved. You can also check out the Password Generator for creating strong passwords that resist hash-based attacks, and read our guide on how to generate secure passwords for best practices.
Hash algorithms also play a key role in JWT token signatures β understanding hashing helps you choose the right signing algorithm for your authentication system.
Further Reading
- NIST FIPS 180-4 β Secure Hash Standard (SHA-256 specification)
- RFC 1321 β The MD5 Message-Digest Algorithm
- SHAttered β First SHA-1 collision (demonstrates why SHA-1 is broken)
- How To Safely Store A Password β Classic article on bcrypt and password hashing