Hash functions are one of the foundational tools of computer security and data integrity. Given an input of any size, a hash function produces a fixed-length output — the hash or digest — that acts as a fingerprint. Two different inputs should (ideally) never produce the same hash. MD5 and SHA-256 are two of the most widely known hash functions, but they serve very different roles today.
How hash functions work
A hash function must satisfy three properties to be useful: it must be deterministic (the same input always gives the same output), fast to compute, and one-way (you cannot recover the input from the output). A good cryptographic hash function also needs to be collision-resistant — computationally infeasible to find two different inputs that produce the same hash.
MD5: Fast but broken for security
MD5 (Message Digest Algorithm 5) was designed in 1991 by Ronald Rivest and produces a 128-bit (32 hex character) hash. It was widely adopted in the 1990s for checksums, file verification, and password hashing.
The problem: MD5 is cryptographically broken. In 2004, researchers demonstrated practical collision attacks — the ability to produce two different inputs with the same MD5 hash. By 2008, researchers created a rogue SSL certificate using MD5 collisions. Today, generating MD5 collisions is fast enough to do on a modern laptop.
Where MD5 is still acceptable: non-security checksums in trusted environments (verifying a file you just downloaded from a trusted source against its MD5 listed on the same page), database sharding keys, hash tables, and other non-adversarial use cases where collision resistance is not a security requirement.
SHA-256: The current standard
SHA-256 is part of the SHA-2 family, published by NIST in 2001. It produces a 256-bit (64 hex character) hash. As of 2026, no practical collision attacks against SHA-256 are known. It is the hash function used in:
- TLS/HTTPS certificates (replaced SHA-1 after 2017)
- Bitcoin's proof-of-work and transaction hashing
- Code signing for software packages
- HMAC authentication in APIs
- Password hashing schemes like PBKDF2-SHA-256 and bcrypt (which use SHA-256 internally)
Comparison at a glance
| Property | MD5 | SHA-256 |
|---|---|---|
| Output size | 128 bits (32 chars) | 256 bits (64 chars) |
| Speed | Very fast | Fast |
| Collision resistance | Broken | Strong |
| Security use | No | Yes |
A note on password hashing
Neither MD5 nor raw SHA-256 should be used directly for password storage. Both are too fast — an attacker with a GPU can compute billions of hashes per second, enabling rapid brute-force and rainbow table attacks. Use a purpose-built password hashing algorithm: bcrypt, scrypt, or Argon2. These are intentionally slow and include built-in salting.
Try generating hashes for any text in your browser using the Hash Generator on TextUtils — MD5, SHA-1, and SHA-256 are all computed client-side, nothing is sent to a server.