Compute MD5, SHA-1, SHA-256, SHA-512 and more
A hash function maps arbitrary-length data to a fixed-length digest in a one-way transformation. The same input always produces the same output, but the input cannot be derived from the output. Hashing is widely used for data integrity verification, digital signatures, password storage, and blockchain. Even a single-bit change in input produces a completely different output (avalanche effect).
| Algorithm | Output Length | Security | Use Case |
|---|---|---|---|
| MD5 | 32 hex | ❌ Broken | File checksums (non-security) |
| SHA-1 | 40 hex | ⚠️ Not recommended | Legacy Git (deprecated) |
| SHA-256 | 64 hex | ✅ | Digital signatures, blockchain, TLS |
| SHA-512 | 128 hex | ✅ Stronger | High-security requirements |
Hash ≠ Encryption: Hashing is one-way and irreversible; encryption uses a key and can be reversed. For storing passwords, use bcrypt or Argon2 (slow hashes designed for passwords), not MD5/SHA.
MD5 is completely untrustworthy for security purposes (collision attacks proven in 2004). However, it's still widely used in non-security contexts — file dedup, cache keys, data checksums — because it's fast and produces short output. The key rule: never use MD5 for anything security-related.
Both are currently secure enough. SHA-256 has shorter output (32 bytes) and suits most use cases. SHA-512 can actually be faster on 64-bit processors and is better when you need a higher security margin or process large volumes of data. Default to SHA-256 for general purposes.
SHA-256 is designed to be fast. Attackers with GPUs can compute billions of SHA-256 hashes per second and, combined with rainbow tables, crack common passwords quickly. bcrypt/Argon2 intentionally slow down hashing by introducing computational cost (time + memory), making brute-force attacks infeasible.