Β· By DevToolHub Team

MD5 vs SHA-256: Which Hash Algorithm Should You Use?

Hash functions are everywhere in software engineering β€” from verifying file downloads to storing passwords to building data structures. But with multiple algorithms available, which one should you choose?

What Is a Hash Function?

A cryptographic hash function takes input of any size and produces a fixed-size output (the β€œdigest” or β€œhash”). Key properties:

  • Deterministic β€” the same input always produces the same hash
  • Fast to compute β€” hashing a file should be quick
  • One-way β€” you cannot reverse a hash to recover the original input
  • Collision-resistant β€” it should be infeasible to find two inputs that produce the same hash
  • Avalanche effect β€” a tiny change in input produces a completely different hash

MD5 at a Glance

PropertyValue
Output size128 bits (32 hex characters)
Published1992 (Ron Rivest)
SpeedVery fast
Security statusBroken β€” collision attacks demonstrated in 2004

Example: md5("hello") = 5d41402abc4b2a76b9719d911017c592

SHA-256 at a Glance

PropertyValue
Output size256 bits (64 hex characters)
Published2001 (NSA/NIST)
SpeedSlower than MD5 (roughly 3-5x)
Security statusSecure β€” no known practical attacks

Example: sha256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Security: The Critical Difference

MD5 is cryptographically broken. In 2004, researchers demonstrated that it’s possible to create two different inputs that produce the same MD5 hash (a β€œcollision”). In 2008, researchers used MD5 collisions to create a rogue SSL certificate. In 2012, the Flame malware used an MD5 collision to forge a Microsoft code-signing certificate.

This means MD5 should never be used for:

  • Password hashing
  • Digital signatures
  • Certificate validation
  • Any security-critical application

SHA-256 remains secure. No practical collision attacks have been found. It is part of the SHA-2 family designed by the NSA and standardized by NIST. It’s used in TLS/SSL certificates, Bitcoin mining, code signing, and modern password hashing schemes.

Code Examples

Python

import hashlib

text = "Hello, World!"

# MD5
md5_hash = hashlib.md5(text.encode()).hexdigest()
print(f"MD5:    {md5_hash}")
# 65a8e27d8879283831b664bd8b7f0ad4

# SHA-256
sha256_hash = hashlib.sha256(text.encode()).hexdigest()
print(f"SHA-256: {sha256_hash}")
# dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f

# Hash a file
with open("document.pdf", "rb") as f:
    file_hash = hashlib.sha256(f.read()).hexdigest()

Node.js

const crypto = require('crypto');

const text = 'Hello, World!';

// MD5
const md5 = crypto.createHash('md5').update(text).digest('hex');
console.log(`MD5:     ${md5}`);

// SHA-256
const sha256 = crypto.createHash('sha256').update(text).digest('hex');
console.log(`SHA-256: ${sha256}`);

// HMAC-SHA256 (for API authentication)
const hmac = crypto.createHmac('sha256', 'secret-key')
  .update(text)
  .digest('hex');
console.log(`HMAC:    ${hmac}`);

Bash / Command Line

# Hash a string
echo -n "Hello, World!" | md5sum
echo -n "Hello, World!" | sha256sum

# Hash a file
md5sum document.pdf
sha256sum document.pdf

# Verify a file against a known hash
echo "expected_hash  document.pdf" | sha256sum --check

Go

import (
    "crypto/md5"
    "crypto/sha256"
    "fmt"
)

data := []byte("Hello, World!")

md5Hash := fmt.Sprintf("%x", md5.Sum(data))
sha256Hash := fmt.Sprintf("%x", sha256.Sum256(data))

When to Use MD5 (Yes, There Are Valid Cases)

Despite being cryptographically broken, MD5 is still useful for non-security applications:

  • Checksums for data integrity β€” verifying file transfers, cache invalidation, detecting accidental corruption. An attacker can forge an MD5 collision, but accidental corruption producing the same hash is still astronomically unlikely.
  • Hash tables and deduplication β€” as a fast hash for data structures where security isn’t a concern.
  • Content-addressable storage β€” Git uses SHA-1 (also broken), but it’s acceptable because the threat model doesn’t involve active collision attacks.
  • Legacy system compatibility β€” when interacting with systems that require MD5.

Key principle: If the threat model includes a malicious adversary who might craft collisions, don’t use MD5. If you’re just detecting accidental changes, MD5 is fine and faster.

When to Use SHA-256

  • Password hashing β€” though never alone; use bcrypt, scrypt, or Argon2 which use SHA-256 internally with salting and key stretching
  • Digital signatures and certificates
  • HMAC for API authentication (HMAC-SHA256)
  • File integrity in adversarial environments (software distribution, blockchain)
  • Any new project where security matters

Performance Comparison

SHA-256 is roughly 3-5x slower than MD5 for the same input. On modern hardware:

AlgorithmSpeed (approx.)Output
MD5~600 MB/s32 hex chars
SHA-256~200 MB/s64 hex chars
BLAKE3~1,000 MB/s64 hex chars

For most applications, this difference is negligible. If you’re hashing millions of small values per second (like in a hash table), the speed difference might matter β€” but then you should consider non-cryptographic hash functions like xxHash or FNV instead.

Beyond MD5 and SHA-256

AlgorithmOutputStatusUse case
MD5128-bitBrokenNon-security checksums
SHA-1160-bitBrokenLegacy (Git), being phased out
SHA-256256-bitSecureGeneral-purpose secure hashing
SHA-512512-bitSecureWhen you need a longer hash
SHA-3VariableSecureAlternative to SHA-2, different design
BLAKE3256-bitSecureVery fast, modern design

For password storage specifically, none of the above are appropriate on their own. Use purpose-built password hashing functions like bcrypt, scrypt, or Argon2 β€” they add salting and deliberate slowness to resist brute-force attacks.

Try It Yourself

Use our Hash Generator to compute MD5 and SHA-256 hashes of any text β€” entirely in your browser with no server involved. You can also check out the Password Generator for creating strong passwords that resist hash-based attacks, and read our guide on how to generate secure passwords for best practices.

Hash algorithms also play a key role in JWT token signatures β€” understanding hashing helps you choose the right signing algorithm for your authentication system.

Further Reading

FAQ

Is MD5 completely useless now?
No. MD5 is broken for security purposes (digital signatures, certificates, password hashing), but it's still perfectly fine for non-security uses like checksums, cache keys, and deduplication. The collision vulnerability means an attacker can intentionally craft two inputs with the same hash β€” but accidental collisions are still essentially impossible.
Can you "decrypt" an MD5 or SHA-256 hash?
No. Hash functions are one-way by design β€” there is no mathematical reverse operation. "Cracking" a hash means trying many inputs until one matches (brute force) or using precomputed tables (rainbow tables). This is why strong, salted passwords are important β€” they make brute force infeasible.
Why not just always use SHA-512 instead of SHA-256?
SHA-512 is not more secure than SHA-256 for practical purposes β€” both are far beyond what any attacker can break. SHA-512 produces a longer hash (128 hex chars vs 64), which means more storage and bandwidth. Use SHA-256 unless you have a specific reason for the longer output (e.g., some protocols require it).
What's the difference between hashing and encryption?
Hashing is one-way (you cannot recover the original), produces a fixed-size output, and uses no key. Encryption is two-way (you can decrypt with the right key), preserves data size approximately, and requires a key. Use hashing for verification and integrity; use encryption (AES, RSA) for confidentiality.
Should I use SHA-256 to hash passwords?
Not directly. Plain SHA-256 is too fast β€” an attacker can try billions of guesses per second. Instead, use password-specific algorithms like bcrypt, scrypt, or Argon2. These are deliberately slow, use salts (random data mixed into each hash), and have configurable work factors to stay ahead of hardware improvements.
hash md5 sha256 security crypto

Related Tools

Related Articles