Cryptographic Hash Functions: MD5, SHA-256, and Beyond
Hash functions are the unsung heroes of modern computing. They secure your passwords, verify software downloads, power blockchain networks, and protect digital signatures. Yet many developers use them without fully understanding what makes a good hash function — or why some older ones should be retired. Let’s change that.
What Is a Hash Function?
A hash function takes an input of any size and produces a fixed-size output (called a digest, hash, or fingerprint). A cryptographic hash function adds security properties that make it suitable for use in security-critical applications.
Input: "Hello"
SHA-256: 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969
Input: "Hello." (one character added)
SHA-256: 2d8bd7d9bb5f85ba643f0110d50cb506a1fe439e769a22503c0e90f1f6e3b
→ Completely different output from a tiny changeEssential Properties of Cryptographic Hash Functions
| Property | Definition | Why It Matters |
|---|---|---|
| Deterministic | Same input always produces same output | Enables verification and comparison |
| One-way (Pre-image resistance) | Cannot reverse the hash to find the input | Protects passwords and secrets |
| Avalanche effect | Tiny input change flips ~50% of output bits | Prevents pattern analysis |
| Collision resistance | Infeasible to find two inputs with same hash | Guarantees data integrity |
| Fixed output size | Output length is constant regardless of input size | Predictable storage and comparison |
Comparing Hash Algorithms
| Algorithm | Output Size | Speed | Security Status | Use Today? |
|---|---|---|---|---|
| MD5 | 128 bits (32 hex) | Very fast | Broken (collisions found) | No — checksums only |
| SHA-1 | 160 bits (40 hex) | Fast | Broken (2017 collision) | No — being phased out |
| SHA-256 | 256 bits (64 hex) | Moderate | Secure | Yes — recommended |
| SHA-512 | 512 bits (128 hex) | Moderate (faster on 64-bit) | Secure | Yes — when extra security needed |
| SHA-3 | Variable (224-512) | Moderate | Secure (different design) | Yes — alternative to SHA-2 |
| BLAKE3 | 256 bits (default) | Very fast | Secure | Yes — high performance |
How Hash Functions Work (Simplified)
While each algorithm differs in implementation, most follow these general steps:
- Padding: The input message is padded to a specific block size (e.g., 512 bits for SHA-256)
- Parsing: The padded message is divided into fixed-size blocks
- Initialization: Internal state variables are set to predefined constants
- Compression: Each block is processed through rounds of bitwise operations (AND, OR, XOR, rotations, additions)
- Finalization: The final internal state is output as the hash digest
SHA-256 specifically uses 64 rounds of compression per block with a message schedule that expands 16 input words into 64 working words.
Real-World Use Cases
Password Storage
Never store passwords in plaintext. Hash them before storage so a database breach doesn’t expose credentials. However, general-purpose hashes (SHA-256) are too fast for passwords — use specialized algorithms:
- bcrypt: Adaptive work factor, industry standard
- Argon2: Winner of the Password Hashing Competition (2015), memory-hard
- scrypt: Memory-hard, resistant to hardware attacks
File Integrity Verification
Software downloads provide SHA-256 checksums so you can verify the file wasn’t tampered with:
# Linux/Mac: verify a downloaded file
sha256sum ubuntu-24.04-desktop-amd64.iso
# Compare output with the published hashDigital Signatures
Rather than signing an entire document (slow), the document is hashed and the hash is signed. The recipient hashes the document again and verifies the signature against that hash.
Data Deduplication
Cloud storage services hash file contents to detect duplicates. If two users upload the same file, only one copy needs to be stored.
Blockchain and Proof of Work
Bitcoin uses double SHA-256 hashing. Miners must find an input that produces a hash below a target threshold — computationally expensive but trivial to verify.
Understanding Hash Collisions
A collision occurs when two different inputs produce the same hash output. For a 128-bit hash like MD5, the birthday paradox means a collision can be found in roughly 2^64 operations — well within reach of modern hardware.
Why MD5 Is Broken
In 2004, researchers demonstrated practical MD5 collisions. By 2012, the Flame malware exploited an MD5 collision to forge a Microsoft code-signing certificate. MD5 should never be used for security purposes.
Why SHA-1 Is Broken
In 2017, Google’s SHAttered project produced the first practical SHA-1 collision using 6,500 years of CPU time and 110 years of GPU time (feasible for well-funded attackers). Major browsers and certificate authorities have since deprecated SHA-1.
Choosing the Right Hash Function
| Use Case | Recommended Algorithm | Reason |
|---|---|---|
| Password hashing | Argon2 / bcrypt | Intentionally slow, memory-hard |
| File integrity | SHA-256 / BLAKE3 | Fast, collision-resistant |
| Digital signatures | SHA-256 / SHA-512 | Industry standard, well-audited |
| Non-security checksums | CRC32 / xxHash | Extremely fast, not cryptographic |
| Blockchain | SHA-256 / Keccak | Proven security margin |
Hash Functions in JavaScript
// Using the Web Crypto API (browser & Node.js)
async function sha256(message) {
const encoder = new TextEncoder();
const data = encoder.encode(message);
const hashBuffer = await crypto.subtle.digest("SHA-256", data);
const hashArray = Array.from(new Uint8Array(hashBuffer));
return hashArray.map(b => b.toString(16).padStart(2, "0")).join("");
}
// Usage
const hash = await sha256("Hello, World!");
// "dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f"Try it yourself: Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly with our free Hash Generator — compare algorithms side-by-side, all processing happens locally in your browser.