Utilix knowledge base
Choosing a Hash Algorithm -- SHA-256, SHA-1, MD5
Published May 1, 2026
Choosing a Hash Algorithm — SHA-256, SHA-1, MD5
A cryptographic hash function maps an arbitrary input to a fixed-length output (the "digest" or "fingerprint"). Good hash functions are deterministic, fast to compute, and — critically — hard to reverse or collide intentionally.
Algorithm comparison
| Algorithm | Output size | Status | Use today? |
|---|---|---|---|
| MD5 | 128 bits (32 hex) | Broken | Legacy checksums only |
| SHA-1 | 160 bits (40 hex) | Weak | Avoid for new designs |
| SHA-256 | 256 bits (64 hex) | Strong | Yes — default choice |
| SHA-384 | 384 bits (96 hex) | Strong | High-security contexts |
| SHA-512 | 512 bits (128 hex) | Strong | High-security / large data |
| SHA-3 (256) | 256 bits | Strong | Yes — alternate when SHA-2 is mandated out |
When to use SHA-256 or SHA-512
- File integrity verification: checksums for downloads, backups, build artifacts
- Digital signatures: the hash of a document is what gets signed (ECDSA, RSA)
- HMAC: message authentication codes in APIs and webhooks
- Blockchain / Merkle trees: Bitcoin uses SHA-256 twice (SHA-256d)
- TLS certificates: SHA-256 is the standard in modern X.509 certificates
SHA-512 is preferred when processing large volumes of data on 64-bit hardware (it is actually faster than SHA-256 there per byte) or when extra collision resistance margin is desired.
When SHA-1 and MD5 are still found
Both are broken for collision resistance — an attacker can craft two different documents with the same hash. They still appear in:
- Git object IDs: Git uses SHA-1 for commit, tree, and blob hashes (transitioning to SHA-256)
- Legacy checksums: Many mirror sites publish MD5 sums for historical compatibility
- Non-security contexts: Detecting accidental corruption, not malicious manipulation
Do not use either for new security-sensitive designs. A SHA-1 or MD5 digest proves nothing if an adversary controls the data.
Passwords are fundamentally different
Hashing passwords with SHA-256 (or any fast hash) is insecure. An attacker with the hash database can test billions of passwords per second on commodity hardware.
Password storage requires a slow key-derivation function (KDF) with a per-user random salt:
- Argon2id — current recommended choice (winner of the Password Hashing Competition)
- bcrypt — proven, widely supported, work factor is adjustable
- scrypt — memory-hard, good when Argon2 is unavailable
Never roll your own hashing for passwords — use the KDF implementations in your language's standard library or a reputable security library.
Experiment with SHA-256, SHA-512, and MD5 digests on any input text with the Hash Generator — all computation runs locally in your browser.