MD5 vs SHA-256: Which Hash Function Should You Use?
Hash functions are the backbone of digital security — used everywhere from SSL certificates to password storage to file verification. But not all hash functions are created equal. MD5 was once the standard; today it is considered broken for security use. SHA-256 is the current workhorse. This guide explains how each works, where each belongs, and which to choose for your specific need in 2026.
What Is a Cryptographic Hash Function?
A hash function takes an input of any length and produces a fixed-length output (the hash or digest) that is deterministic, fast to compute, and practically impossible to reverse. Change a single character in the input and the output changes completely — this is called the avalanche effect.
Hash functions are used for: file integrity verification, password storage (with proper salting), digital signatures, data deduplication, and blockchain (Bitcoin uses SHA-256).
MD5 vs SHA-256: Key Differences
| | MD5 | SHA-256 |
|---|---|---|
| Output length | 128 bits (32 hex chars) | 256 bits (64 hex chars) |
| Speed | Very fast | Fast (but slower than MD5) |
| Collision resistance | Broken — collisions practical | Strong — no practical attack |
| Security | Not suitable for security use | Suitable for most uses |
| Standard | RFC 1321 (1992) | FIPS 180-4, NIST |
| Use in TLS | Deprecated | Standard |
Why MD5 Is Broken
In 2004, researcher Xiaoyun Wang demonstrated that MD5 collisions could be generated. By 2008, attackers used MD5 collisions to forge a rogue SSL certificate, breaking the trust model of HTTPS. Today, MD5 collisions can be generated in seconds on consumer hardware.
This means an attacker could create two files with the same MD5 hash — one benign, one malicious. For any application that relies on hashing for uniqueness or for integrity verification against deliberate tampering, MD5 is unacceptable.
When MD5 Is Still Acceptable
Despite its security issues, MD5 remains acceptable in non-security contexts where collision resistance is not required:
- Checksums for data transfer — detecting accidental corruption (not malicious tampering) during file download.
- Cache keys — generating unique identifiers for cached content where security is irrelevant.
- Non-cryptographic deduplication — quickly identifying duplicate files in a trusted dataset.
- Legacy systems — where upgrading would require significant work and no security risk exists.
SHA-256 Use Cases
- TLS/SSL certificates — all modern certificates use SHA-256 signatures.
- Code signing — software publishers sign release binaries with SHA-256.
- Bitcoin and blockchain — SHA-256 is the proof-of-work algorithm.
- HMAC authentication — JWT tokens use HMAC-SHA256 for signature verification.
- File integrity — download pages provide SHA-256 checksums for verification.
Which to Use for Passwords?
Neither MD5 nor SHA-256 should be used directly for password hashing. Both are far too fast — modern GPUs can compute billions of SHA-256 hashes per second, making brute-force attacks against weak passwords trivial. Use bcrypt, Argon2, or scrypt instead — algorithms specifically designed to be slow and to include automatic salting.
Frequently Asked Questions
Is MD5 still safe to use?
MD5 is cryptographically broken — collisions can be generated in seconds. Do not use it for passwords, digital signatures, or certificate fingerprints. It remains acceptable for non-security uses like detecting accidental file corruption.
What is SHA-256?
SHA-256 is a NIST-standardised hash function producing a 256-bit (64-character hex) digest. No practical collision attack exists against it as of 2026. It is used in TLS certificates, Bitcoin, code signing, and JWT signatures.
Can a hash be reversed?
No. Hash functions are one-way — there is no mathematical inverse. Attackers use rainbow tables (pre-computed lookup tables) or GPU brute force to guess the original input from common or weak passwords. Strong, unique passwords and proper salting prevent this.
Should I use SHA-256 for passwords?
No — SHA-256 is too fast. Attackers can compute billions of SHA-256 hashes per second. Use bcrypt, Argon2, or scrypt for passwords — they are intentionally slow, include salting, and are purpose-built for credential storage.