Cryptographic hash functions take arbitrary input and produce a fixed-length output called a digest. The same input always produces the same output; any change in input produces a completely different digest. This makes them useful for verifying data integrity, storing passwords (via dedicated functions), and building checksums. Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly with the Hash Generator.
MD5: Broken for Security, Useful for Checksums
MD5 produces a 128-bit (32 hex character) digest and was once the standard for password hashing. In 2004, researchers demonstrated practical collision attacks two different inputs producing the same MD5 hash. By 2008, MD5-signed certificates were being forged.
Use MD5 for: non-security checksums (detecting accidental file corruption), cache keys, quick deduplication.
Never use MD5 for: passwords, digital signatures, security-sensitive data integrity verification.
SHA-1: Deprecated Since 2017
SHA-1 produces 160 bits (40 hex characters). Google's SHAttered attack in 2017 demonstrated a practical SHA-1 collision for the first time. All major certificate authorities stopped issuing SHA-1 signed certificates in 2017. Browsers no longer trust SHA-1 signed certificates. NIST formally deprecated SHA-1 in 2022.
SHA-256: The Current Standard
SHA-256 is part of the SHA-2 family and produces a 256-bit (64 hex character) digest. No practical collision or preimage attacks exist. It is:
- The standard for TLS 1.2 and 1.3 digital signatures
- Used in Bitcoin block hashing
- Recommended by NIST for all general-purpose cryptographic hashing
- Available natively in all modern languages and platforms
SHA-512 offers a larger output (512 bits) and is faster on 64-bit CPUs for long inputs but slower for short inputs. Use SHA-256 by default; SHA-512 for specialised requirements.
Password Hashing: Use bcrypt, Argon2, or scrypt
For passwords specifically, never use SHA-256. Raw cryptographic hashes are too fast a GPU can compute billions per second. Password hashing algorithms are intentionally slow:
- bcrypt well-tested, available in every language, configurable cost factor
- Argon2id winner of the Password Hashing Competition, recommended by OWASP
- scrypt memory-hard, resistant to GPU parallelism
Frequently Asked Questions
Can a SHA-256 hash be reversed?
Not computationally. SHA-256 is a one-way function there is no mathematical algorithm to derive the input from the output. However, short or predictable inputs (common passwords, dictionary words) can be found by precomputed rainbow tables. This is why salting (adding random data before hashing) is essential for password storage.
What is HMAC and when should I use it?
HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key. It verifies both integrity and authenticity that data has not been tampered with and came from someone who knows the key. Use HMAC for API request signing, webhook verification (as used in Stripe and GitHub), and JWT signing with HS256.
Is SHA-256 the same as SHA-2?
SHA-256 is a member of the SHA-2 family. SHA-2 includes SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. SHA-3 is a separate, newer standard with a different internal structure (Keccak sponge construction), currently used in specialised cryptographic applications.