
MD5, SHA-1, SHA-256: Hash Functions Compared for Developers

Understand how cryptographic hash functions work, why MD5 and SHA-1 are broken for security, when SHA-256 is the right choice, and how to generate hashes in JavaScript and Python.

ToolsVito Team

What Is a Cryptographic Hash Function?

A hash function takes input of any length and produces a fixed-length output (the digest or hash). Good cryptographic hash functions have three properties:

  • Deterministic: Same input always produces the same output.
  • One-way: Computationally infeasible to recover the input from the output.
  • Collision-resistant: Practically impossible to find two different inputs that produce the same hash.

MD5 (Message Digest 5)

Produces a 128-bit (32 hex character) digest. Fast, widely supported, and still used for non-security purposes:

MD5("Hello") = 8b1a9953c4611296a827abf8c47804d7

Security status: Broken. Collision attacks against MD5 are practical on consumer hardware. In 2008, researchers used MD5 collisions to create a rogue CA certificate. Do not use MD5 for password hashing, digital signatures, or any security-sensitive checksum.

Still OK for: Non-security uses where no attacker controls the input: checksums that detect accidental data corruption, deduplication keys, legacy system compatibility.

SHA-1 (Secure Hash Algorithm 1)

Produces a 160-bit (40 hex character) digest. Stronger than MD5 but also broken:

SHA-1("Hello") = f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0

Security status: Deprecated. Google's SHAttered attack (2017) demonstrated the first practical SHA-1 collision. Major browsers and CAs have dropped SHA-1 certificate support.

Still seen in: Git (though Git is transitioning to SHA-256), older S/MIME implementations, legacy SSL certificates.

SHA-256 (SHA-2 Family)

Produces a 256-bit (64 hex character) digest. The current industry standard for most security applications:

SHA-256("Hello") = 185f8db32921bd46d35db59f5ef5fe6c4e1db7f1aff2e4e62ba559c7d94c9898

Security status: Secure. No practical attacks known. Used in TLS 1.3, Bitcoin, code signing, and password hashing (as part of schemes like PBKDF2).

SHA-512 and SHA-3

SHA-512 produces a 512-bit digest: stronger, but slower and with larger output. Useful for high-security contexts or when you need extra margin. SHA-3 (Keccak) uses a fundamentally different construction from SHA-2 and serves as a backup standard if SHA-2 were ever broken.

Generating Hashes in JavaScript

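// Web Crypto API: browsers (secure contexts only) and Node.js.
// The global `crypto` used below exists in Node.js 19+; from Node.js 15 the
// same API is available as require("node:crypto").webcrypto.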
async function sha256(message) {
  const msgBuffer = new TextEncoder().encode(message);
  const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer);
  const hashArray = Array.from(new Uint8Array(hashBuffer));
  return hashArray.map(b => b.toString(16).padStart(2, "0")).join("");
}

sha256("Hello").then(console.log);
// 185f8db3...

Generating Hashes in Python

import hashlib

# MD5
hashlib.md5(b"Hello").hexdigest()
# '8b1a9953c4611296a827abf8c47804d7'

# SHA-256
hashlib.sha256(b"Hello").hexdigest()
# '185f8db32921bd46d35db59f5ef5fe6c4e1db7f1aff2e4e62ba559c7d94c9898'

# SHA-512
hashlib.sha512(b"Hello").hexdigest()

Hash vs. Password Hashing

SHA-256 is fast, which is great for checksums but terrible for passwords. A GPU can compute billions of SHA-256 hashes per second, making brute-force attacks trivial. For passwords, always use a slow algorithm designed for the purpose:

  • bcrypt — adjustable cost factor, widely supported.
  • Argon2 — winner of the Password Hashing Competition, memory-hard.
  • PBKDF2 — built into many standard libraries, FIPS-approved.

File Integrity Verification

A common and entirely appropriate use of SHA-256 is verifying file downloads:

# Download and verify
curl -O https://example.com/app.tar.gz
sha256sum app.tar.gz
# Compare with the published checksum

Generate Hashes Instantly

Use ToolsVito's Hash Generator to compute MD5, SHA-1, SHA-256, and SHA-512 hashes directly in your browser. Nothing is uploaded to a server.
