Is MD5 still safe to use?

MD5 is cryptographically broken — collisions can be generated in seconds. However, it is still fine for non-security purposes like checksums, cache keys, deduplication, and hash table lookups where adversarial collision resistance is not required. Never use MD5 for passwords, certificates, or any security-sensitive application.

What is the difference between SHA-256 and SHA-3?

Both produce 256-bit hashes with strong collision resistance. SHA-256 uses Merkle-Damgard construction; SHA-3 uses sponge construction (Keccak). SHA-3 exists as an independent backup in case a structural weakness is ever found in SHA-2. For practical purposes, both are equally secure today.

What is the difference between hashing and encryption?

Hashing is a one-way function — you cannot recover the original input from the hash. Encryption is two-way — encrypted data can be decrypted with the correct key. Use hashing for verification and integrity checking; use encryption when you need to later retrieve the original data.

What does salting a password hash mean?

A salt is random data (typically 16-32 bytes) added to the password before hashing. This ensures that identical passwords produce different hashes, preventing rainbow table attacks. Each user gets a unique salt stored alongside their hash. All modern password hashing algorithms (Argon2, bcrypt, scrypt) handle salting automatically.

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce an authentication code. It verifies both data integrity and authenticity — ensuring the message was not modified and was sent by someone with the secret key. HMAC-SHA256 is widely used in API authentication, JWT tokens, and secure communications.

MD5 vs SHA-1 vs SHA-256 vs SHA-3: Hash Functions Explained

Hash functions are one of the most fundamental building blocks in computer science and cryptography. They take arbitrary input and produce a fixed-size output (the "hash" or "digest") that acts as a unique fingerprint of the data. This guide compares the most commonly used hash functions, explains when each is appropriate, and clarifies why some are no longer safe for security purposes.

What Is a Hash Function?

A cryptographic hash function has five essential properties:

Deterministic: The same input always produces the same output.
Fast to compute: Generating a hash is computationally efficient.
Pre-image resistant: Given a hash, it is infeasible to find the original input.
Small changes cascade: Changing even one bit of input completely changes the output (avalanche effect).
Collision resistant: It is infeasible to find two different inputs that produce the same hash.

Hash Function Comparison

Algorithm	Output Size	Speed	Collision Resistance	Status
MD5	128 bits (32 hex)	Very fast	Broken	Deprecated for security
SHA-1	160 bits (40 hex)	Fast	Broken	Deprecated for security
SHA-256	256 bits (64 hex)	Moderate	Strong	Current standard
SHA-384	384 bits (96 hex)	Same as SHA-512	Strong	Active
SHA-512	512 bits (128 hex)	Moderate	Strong	Active
SHA-3 (256)	256 bits (64 hex)	Moderate	Strong	Active (Keccak-based)
BLAKE3	256 bits (variable)	Very fast	Strong	Modern alternative

Why MD5 and SHA-1 Are Broken

MD5 was designed by Ron Rivest in 1991 and was the standard hash function for over a decade. In 2004, researchers demonstrated practical collision attacks, and by 2008, collisions could be generated in seconds on ordinary hardware. Today, MD5 should never be used for any security purpose.

SHA-1 (Secure Hash Algorithm 1) was designed by the NSA and published in 1995. In 2017, Google and CWI Amsterdam demonstrated the first practical SHA-1 collision (the "SHAttered" attack). Major browsers, Git, and certificate authorities have since moved away from SHA-1.

Still safe for non-security use: MD5 and SHA-1 remain perfectly fine for checksums, cache keys, data deduplication, and hash-based data structures where adversarial collision resistance is not required.

SHA-2 Family: The Current Standard

SHA-256 and SHA-512 belong to the SHA-2 family, designed by the NSA and published in 2001. SHA-256 is the most widely used hash function in the world today:

Bitcoin and blockchain: SHA-256 is the proof-of-work algorithm for Bitcoin mining.
TLS/SSL certificates: All modern HTTPS certificates use SHA-256 signatures.
File integrity: Software downloads commonly provide SHA-256 checksums for verification.
Digital signatures: ECDSA and RSA signatures typically hash with SHA-256.

SHA-512 uses 64-bit operations and is actually faster than SHA-256 on 64-bit processors. SHA-384 is a truncated variant of SHA-512.

SHA-3: The Insurance Policy

SHA-3 was standardized in 2015 after a public competition (won by the Keccak team). It is not a replacement for SHA-2 — SHA-2 remains unbroken. Rather, SHA-3 provides a fundamentally different design (sponge construction vs Merkle-Damgard) as insurance against a future breakthrough that might affect SHA-2.

BLAKE3: The Speed Champion

BLAKE3 (2020) is the fastest general-purpose hash function, significantly outperforming SHA-256 and SHA-3. It is parallelizable, supports incremental hashing, and produces output of any length. BLAKE3 is increasingly used in file integrity checking, content-addressed storage, and performance-sensitive applications.

Hash Functions for Password Storage

Never use raw SHA-256 or MD5 for passwords. General-purpose hash functions are too fast — an attacker can test billions of password guesses per second. Instead, use purpose-built password hashing algorithms:

Algorithm	Recommendation	Key Feature
Argon2id	Best choice (2015)	Memory-hard, resistant to GPU attacks
bcrypt	Good choice (1999)	Adaptive cost factor, widely supported
scrypt	Good choice (2009)	Memory-hard, configurable parameters
PBKDF2	Acceptable (legacy)	Simple, NIST-approved, but not memory-hard

These algorithms are deliberately slow and include a random salt to prevent rainbow table attacks. Argon2id is the current recommendation from OWASP and the Password Hashing Competition.

Choosing the Right Hash Function

File checksums and integrity: SHA-256 (standard) or BLAKE3 (faster)
Digital signatures and certificates: SHA-256
Password storage: Argon2id, bcrypt, or scrypt (never raw SHA/MD5)
Cache keys and deduplication: MD5 or SHA-1 (speed matters, adversarial resistance does not)
Blockchain and proof-of-work: SHA-256 (Bitcoin) or Ethash/Keccak-256 (Ethereum)
Maximum future-proofing: SHA-3 or BLAKE3

Generate and verify hashes instantly with the WizlyTools Hash Generator — supporting SHA-256, SHA-384, and SHA-512 directly in your browser.

What Is a Hash Function?

A cryptographic hash function has five essential properties:

Deterministic: The same input always produces the same output.
Fast to compute: Generating a hash is computationally efficient.
Pre-image resistant: Given a hash, it is infeasible to find the original input.
Small changes cascade: Changing even one bit of input completely changes the output (avalanche effect).
Collision resistant: It is infeasible to find two different inputs that produce the same hash.

Hash Function Comparison

Algorithm	Output Size	Speed	Collision Resistance	Status
MD5	128 bits (32 hex)	Very fast	Broken	Deprecated for security
SHA-1	160 bits (40 hex)	Fast	Broken	Deprecated for security
SHA-256	256 bits (64 hex)	Moderate	Strong	Current standard
SHA-384	384 bits (96 hex)	Same as SHA-512	Strong	Active
SHA-512	512 bits (128 hex)	Moderate	Strong	Active
SHA-3 (256)	256 bits (64 hex)	Moderate	Strong	Active (Keccak-based)
BLAKE3	256 bits (variable)	Very fast	Strong	Modern alternative

Why MD5 and SHA-1 Are Broken

SHA-2 Family: The Current Standard

SHA-256 and SHA-512 belong to the SHA-2 family, designed by the NSA and published in 2001. SHA-256 is the most widely used hash function in the world today:

Bitcoin and blockchain: SHA-256 is the proof-of-work algorithm for Bitcoin mining.
TLS/SSL certificates: All modern HTTPS certificates use SHA-256 signatures.
File integrity: Software downloads commonly provide SHA-256 checksums for verification.
Digital signatures: ECDSA and RSA signatures typically hash with SHA-256.

SHA-512 uses 64-bit operations and is actually faster than SHA-256 on 64-bit processors. SHA-384 is a truncated variant of SHA-512.

SHA-3: The Insurance Policy

BLAKE3: The Speed Champion

Hash Functions for Password Storage

Algorithm	Recommendation	Key Feature
Argon2id	Best choice (2015)	Memory-hard, resistant to GPU attacks
bcrypt	Good choice (1999)	Adaptive cost factor, widely supported
scrypt	Good choice (2009)	Memory-hard, configurable parameters
PBKDF2	Acceptable (legacy)	Simple, NIST-approved, but not memory-hard

These algorithms are deliberately slow and include a random salt to prevent rainbow table attacks. Argon2id is the current recommendation from OWASP and the Password Hashing Competition.

Choosing the Right Hash Function

File checksums and integrity: SHA-256 (standard) or BLAKE3 (faster)
Digital signatures and certificates: SHA-256
Password storage: Argon2id, bcrypt, or scrypt (never raw SHA/MD5)
Cache keys and deduplication: MD5 or SHA-1 (speed matters, adversarial resistance does not)
Blockchain and proof-of-work: SHA-256 (Bitcoin) or Ethash/Keccak-256 (Ethereum)
Maximum future-proofing: SHA-3 or BLAKE3

Generate and verify hashes instantly with the WizlyTools Hash Generator — supporting SHA-256, SHA-384, and SHA-512 directly in your browser.

MD5 vs SHA-1 vs SHA-256 vs SHA-3: Hash Functions Explained

What Is a Hash Function?

Hash Function Comparison

Why MD5 and SHA-1 Are Broken

SHA-2 Family: The Current Standard

SHA-3: The Insurance Policy

BLAKE3: The Speed Champion

Hash Functions for Password Storage

Choosing the Right Hash Function

Frequently Asked Questions

Related Tools

MD5 vs SHA-1 vs SHA-256 vs SHA-3: Hash Functions Explained

What Is a Hash Function?

Hash Function Comparison

Why MD5 and SHA-1 Are Broken

SHA-2 Family: The Current Standard

SHA-3: The Insurance Policy

BLAKE3: The Speed Champion

Hash Functions for Password Storage

Choosing the Right Hash Function

Frequently Asked Questions

Related Tools