ToolZip
·11 min read·Encoding & Security

MD5 vs SHA-256: Which Hash Function Should You Use?

Compare MD5 and SHA-256 hash functions side by side. Learn the differences in security, speed, output size, and when to use each — with practical examples for checksums, passwords, digital signatures, and blockchain.

Try our free Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-512 & HMAC hashes instantly. Compare outputs side by side.

Open Tool

What Is a Hash Function?

A hash function takes any input — a string, a file, an entire database — and produces a fixed-size output called a hash (also called a digest or checksum). The same input always produces the same hash, but even a tiny change in the input produces a completely different hash.

Input:  "Hello"       → MD5:    8b1a9953c4611296a827abf8c47804d7
Input:  "Hello"       → SHA-256: 185f8db32271fe25f561a6fc938b2e26...
Input:  "Hello!"      → MD5:    952d2c56d0485958336747bcdd98590d
                                 ↑ completely different with just "!"

Hash functions have three critical properties:

  • 1. Deterministic — the same input always produces the same output.
  • 2. One-way — you cannot reverse a hash to get the original input.
  • 3. Collision-resistant — it should be practically impossible to find two different inputs that produce the same hash. This is where MD5 fails.

MD5 Explained

MD5 (Message Digest Algorithm 5) was designed by Ronald Rivest in 1991. It produces a 128-bit (16-byte) hash, typically displayed as a 32-character hexadecimal string.

MD5 Hash Example
d41d8cd98f00b204e9800998ecf8427e
MD5 hash of an empty string — 32 hex characters (128 bits)

MD5 was widely used for decades — file checksums, password storage, digital signatures. But in 2004, Chinese researcher Xiaoyun Wang demonstrated that MD5 collisions could be found in minutes, not centuries. By 2008, researchers created a rogue SSL certificate using MD5 collisions. In 2012, the Flame malware exploited MD5 weaknesses to forge Windows Update certificates.

MD5 Is Cryptographically Broken

Two different inputs can be crafted to produce the same MD5 hash (a collision). This makes MD5 unsuitable for any security purpose: password hashing, digital signatures, certificate validation, or data integrity verification where an attacker could substitute content.

Try generating an MD5 hash right now with our Hash Generator — it computes MD5, SHA-1, SHA-256, SHA-512, and HMAC all at once so you can compare outputs.

SHA-256 Explained

SHA-256 (Secure Hash Algorithm 256-bit) is part of the SHA-2 family, designed by the NSA and published by NIST in 2001. It produces a 256-bit (32-byte) hash, displayed as a 64-character hexadecimal string.

SHA-256 Hash Example
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA-256 hash of an empty string — 64 hex characters (256 bits)

SHA-256 has no known collisions. The output space is 2256 — a number so large that finding a collision by brute force would require more energy than the sun will produce in its lifetime. SHA-256 is the backbone of:

  • Bitcoin and blockchain — block hashing and proof-of-work
  • TLS/SSL certificates — HTTPS connections use SHA-256 for certificate signing
  • Git — transitioning from SHA-1 to SHA-256 for commit hashing
  • Code signing — verifying software authenticity (npm, Docker images)
  • HMAC-SHA256 — API authentication (AWS Signature V4, JWT signing)

MD5 vs SHA-256: Side-by-Side Comparison

FeatureMD5SHA-256
Output size128 bits (32 hex chars)256 bits (64 hex chars)
SpeedVery fast (~600 MB/s)Fast (~250 MB/s)
Collision resistanceBroken (2004)Secure (no known collisions)
Pre-image resistanceWeakened but practicalSecure
Year designed19912001
Designed byRonald Rivest (MIT)NSA / NIST
Use for checksumsYes (non-adversarial)Yes
Use for passwordsNoNo (use bcrypt/Argon2)
Use for signaturesNoYes
Use for blockchainNoYes (Bitcoin)

Generate both hashes side by side with our Hash Generator — paste any text and see MD5, SHA-1, SHA-256, and SHA-512 outputs simultaneously.

When MD5 Is Still Fine to Use

MD5 is broken for security, but it's still useful where collision resistance doesn't matter:

File checksums (non-adversarial)

Checking if a file was corrupted during download or transfer. If nobody is actively trying to deceive you, MD5 is fast and reliable for detecting accidental corruption.

md5sum ubuntu-24.04-desktop-amd64.iso

Cache keys and deduplication

Generating cache keys from request parameters, or identifying duplicate files in storage. Speed matters more than collision resistance here.

const cacheKey = md5(JSON.stringify(queryParams));

Database sharding and distribution

Distributing data across partitions based on MD5 hash of a key. The uniformity of MD5's output is well-studied and reliable.

partition = md5(userId) % numPartitions

Non-sensitive fingerprinting

Generating short identifiers for content matching, ETags for HTTP caching, or tracking content versions where security isn't a concern.

ETag: "8b1a9953c4611296a827abf8c47804d7"

When You Must Use SHA-256

Any scenario where an attacker could exploit a collision requires SHA-256 or stronger:

Digital signatures and certificates

TLS/SSL certificates, code signing, document signing. A collision would allow an attacker to forge a valid signature for malicious content — this is exactly how the Flame malware worked against MD5.

Data integrity in adversarial contexts

Verifying software downloads, Docker image digests, npm package integrity (SRI hashes). If an attacker could tamper with the download, MD5 won't protect you.

HMAC for API authentication

HMAC-SHA256 is the standard for signing API requests (AWS Signature V4, Stripe webhooks, JWT tokens). HMAC-MD5 is deprecated in most security standards.

Blockchain and proof-of-work

Bitcoin's entire security model relies on SHA-256's collision resistance. Mining is essentially a SHA-256 brute-force search.

Git commit integrity

Git is migrating from SHA-1 to SHA-256 because SHA-1 collisions were demonstrated in 2017 (SHAttered attack). The same applies to any version control or content-addressable storage.

SHA-1, SHA-512, and HMAC: The Full Picture

MD5 and SHA-256 aren't the only options. Here's how the full family compares:

AlgorithmOutputSecurityUse Case
MD5128 bitsBrokenChecksums, cache keys
SHA-1160 bitsBroken (2017)Legacy Git, avoid for new projects
SHA-256256 bitsSecureSignatures, TLS, blockchain, HMAC
SHA-512512 bitsSecureSame as SHA-256, faster on 64-bit CPUs
HMACVariesSecureAPI auth, message authentication

HMAC (Hash-based Message Authentication Code) isn't a hash function itself — it's a construction that combines a hash function with a secret key. HMAC-SHA256 means “HMAC using SHA-256 as the underlying hash.” It's used when you need to verify both integrity andauthenticity — like verifying that a webhook really came from Stripe, or that a JWT hasn't been tampered with.

Our Hash Generator supports HMAC with a custom secret key — useful for testing webhook signatures or API authentication during development. For JWT tokens specifically, our JWT Decoder can decode the Base64-encoded payload and show you the signing algorithm used.

What About Passwords? (Neither!)

This is the most common mistake: never use MD5 or SHA-256 to hash passwords. Both are too fast. A modern GPU can compute billions of MD5 hashes per second and hundreds of millions of SHA-256 hashes per second, making brute-force attacks trivial.

Don't Do This
// ❌ Raw MD5
hash = md5(password)

// ❌ Raw SHA-256
hash = sha256(password)

// ❌ Even with salt
hash = sha256(salt + password)
Do This Instead
// ✅ bcrypt (cost factor 12+)
hash = bcrypt(password, 12)

// ✅ Argon2id (recommended)
hash = argon2id(password)

// ✅ scrypt
hash = scrypt(password)

Password hashing functions like bcrypt, scrypt, and Argon2id are designed to be deliberately slow (adjustable work factor) and include built-in salting to prevent rainbow table attacks. Argon2id is the current OWASP recommendation for new applications.

Need to generate strong passwords for your accounts? Our Password Generator creates cryptographically secure passwords using the Web Crypto API with customizable length and character sets.

Code Examples: JavaScript, Python, CLI

JavaScript (Node.js)

const crypto = require('crypto');

// MD5
const md5 = crypto.createHash('md5').update('Hello').digest('hex');
// → "8b1a9953c4611296a827abf8c47804d7"

// SHA-256
const sha256 = crypto.createHash('sha256').update('Hello').digest('hex');
// → "185f8db32271fe25f561a6fc938b2e264..."

// SHA-512
const sha512 = crypto.createHash('sha512').update('Hello').digest('hex');
// → "3615f80c9d293ed7402687f94b22d58e..."

// HMAC-SHA256
const hmac = crypto.createHmac('sha256', 'secret-key')
  .update('Hello').digest('hex');
// → "8a34c48ef1e04cc3e8d0e3be53965..."

// File checksum
const fs = require('fs');
const fileHash = crypto.createHash('sha256')
  .update(fs.readFileSync('file.zip')).digest('hex');

Python

import hashlib
import hmac

# MD5
md5 = hashlib.md5(b"Hello").hexdigest()
# → "8b1a9953c4611296a827abf8c47804d7"

# SHA-256
sha256 = hashlib.sha256(b"Hello").hexdigest()
# → "185f8db32271fe25f561a6fc938b2e264..."

# SHA-512
sha512 = hashlib.sha512(b"Hello").hexdigest()

# HMAC-SHA256
h = hmac.new(b"secret-key", b"Hello", hashlib.sha256).hexdigest()

# File checksum
with open("file.zip", "rb") as f:
    file_hash = hashlib.sha256(f.read()).hexdigest()

Command Line (Linux / macOS)

# MD5
echo -n "Hello" | md5sum
# → 8b1a9953c4611296a827abf8c47804d7

# SHA-256
echo -n "Hello" | sha256sum
# → 185f8db32271fe25f561a6fc938b2e264...

# SHA-512
echo -n "Hello" | sha512sum

# File checksum (verify downloads)
sha256sum ubuntu-24.04-desktop-amd64.iso

# Compare with expected checksum
echo "expected_hash  filename" | sha256sum --check

Don't want to write code? Our Hash Generator computes MD5, SHA-1, SHA-256, SHA-512, and HMAC from text or file input — all in your browser using the Web Crypto API. Your data never leaves your machine.

Frequently Asked Questions

Is MD5 still safe to use?
For non-security purposes like checksums, cache keys, and deduplication — yes, MD5 is fast and reliable. For anything security-related (passwords, signatures, certificates) — no, MD5 has been broken since 2004 and practical collision attacks exist.
What is the difference between MD5 and SHA-256?
MD5 produces a 128-bit hash (32 hex characters) and is cryptographically broken. SHA-256 produces a 256-bit hash (64 hex characters) and has no known collisions. SHA-256 is about 2.5x slower than MD5 but provides strong security guarantees.
Should I use SHA-256 or SHA-512?
Both are equally secure. SHA-512 is slightly faster on 64-bit CPUs. SHA-256 is the de facto standard (Bitcoin, TLS 1.3, most APIs). Use SHA-256 unless you have a specific reason for SHA-512.
Can you reverse an MD5 or SHA-256 hash?
Hash functions are one-way by design — you cannot mathematically reverse them. However, MD5 hashes of common strings can be found in rainbow tables. SHA-256 is resistant to this due to its 2^256 output space. For passwords, always use bcrypt or Argon2, not raw hashing.
What hash function should I use for passwords?
Never use MD5 or raw SHA-256 for passwords. Use bcrypt, scrypt, or Argon2id — these are purpose-built password hashing functions that are deliberately slow and include built-in salting. Argon2id is the OWASP recommendation for new applications.

Generate Hashes Instantly

Compute MD5, SHA-1, SHA-256, SHA-512, and HMAC hashes from text or files. Compare all outputs side by side. Free, private, 100% browser-based.

Open Hash Generator

Related Tools & Articles

Hash Generator
MD5, SHA-1, SHA-256, SHA-512 & HMAC
Password Generator
Cryptographically secure passwords
JWT Decoder
Decode tokens with HMAC-SHA256 signatures
Base64 Encoder / Decoder
Encode & decode Base64 text and files
Base64 Encoding Explained
What Base64 is and when to use it
Chmod Permissions Explained
Linux file permissions guide