Hash Functions Explained: MD5 vs SHA-1 vs SHA-256

A cryptographic hash function takes any input — a word, a file, a gigabyte of video — and produces a fixed-length string of bytes called a digest. The same input always produces the same digest, but even a one-bit change in the input scrambles the output completely. Critically, the function is one-way: given a digest, there is no practical way to work backwards to the original input. These properties make hashes useful for two broad jobs. The first is integrity — confirming a file downloaded correctly by comparing its hash to a published value. The second is fingerprinting — using a digest as a compact, comparable identity for some data. You can try this hands-on with the hash generator: type some text, watch the digest change with every keystroke, and notice that identical inputs always yield identical output. Everything happens in your browser, so the input never leaves your machine. Three formal properties define a good cryptographic hash: it should be deterministic and fast to compute, infeasible to reverse from the digest back to the input (preimage resistance), and infeasible to find two inputs sharing a digest (collision resistance). When any of these break down, the algorithm loses its security value even though it keeps producing output.

A collision is when two different inputs produce the same digest. Because a hash maps an unlimited set of inputs onto a finite set of outputs, collisions must exist mathematically — the question is whether anyone can find one on purpose. For a secure hash, finding a collision should be computationally infeasible. When researchers discover an efficient way to produce collisions, the function is considered broken for security purposes, because an attacker could substitute a malicious file that shares the digest of a trusted one. This is exactly what happened to older algorithms. MD5 has been collision-broken for years; practical collisions can be generated in seconds on ordinary hardware. SHA-1 was later broken too, with a documented collision demonstrated by security researchers. Both should be treated as unsafe wherever an attacker might benefit from a forgery — digital signatures, certificates, or tamper detection.

Being broken for security does not make these algorithms useless. The collision attacks require a motivated adversary crafting inputs; they do not affect honest, accidental error detection. That means MD5 and SHA-1 remain perfectly reasonable for non-security checksums: verifying that a file copied across a network without corruption, deduplicating files, sharding data into buckets, or generating cache keys. In these scenarios nobody is trying to trick you — you only care whether two pieces of data are byte-for-byte identical, and a fast hash does that job well. SHA-256, part of the SHA-2 family, is the current workhorse for security. It has no known practical collision attacks and is the sensible default for signatures, integrity checks that matter, and content addressing. When in doubt, reach for SHA-256. You can compare all of these side by side in the hash generator to see how digest length and output differ between algorithms.

Here is the most important rule in this guide: never store passwords with a plain fast hash like MD5, SHA-1, or even SHA-256. Fast hashes are the problem, not the solution, for passwords. The reason is speed. A general-purpose hash is designed to be fast, so an attacker who steals your database can try billions of guesses per second against each hash, and precomputed "rainbow tables" make it faster still. Two defences fix this. Salting adds a unique random value to each password before hashing. It ensures two users with the same password get different digests and defeats rainbow tables, because the attacker cannot precompute anything. A slow key-derivation function (KDF) is deliberately expensive to compute. bcrypt is a popular choice: it builds salting in and has a tunable cost factor, so you can make each guess take a fraction of a second. That is invisible to a legitimate login but turns an attacker's billions-per-second into a crawl. Argon2 and scrypt are modern alternatives with similar goals. For message authentication rather than storage, you want a keyed hash instead. The HMAC generator shows how combining a secret key with a hash produces a tag that proves both integrity and authenticity.