Tutorial · Jun 2, 2026 · 5 min read

SHA256 vs MD5 vs SHA512: which one should you actually use?

A straightforward breakdown of the three most common hash algorithms, what makes them different, and when each one is the right choice.


If you’ve worked with passwords, checksums, or file verification at any point, you’ve run into these three names. MD5, SHA256, SHA512. They all take an input and spit out a fixed-length string of characters. They all look similar at a glance. But they’re not interchangeable, and using the wrong one can cause real problems.

Here’s an actual breakdown of what each one is, where it came from, and when to use it.

What a hash function even does

Before getting into the differences, a hash function takes any input (a word, a file, a password, a document) and produces a fixed-length output called a digest or hash. The same input always produces the same output. Change one character in the input and the entire output changes completely.

You can’t reverse it. Given a hash, you can’t mathematically work backwards to find the original input. That’s the whole point.

"hello" → MD5 → 5d41402abc4b2a76b9719d911017c592
"hello" → SHA256 → 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
"hello" → SHA512 → 9b71d224bd62f3785d96d46ad3ea3d...

Same input, completely different outputs depending on the algorithm.

MD5, fast, broken, still everywhere

MD5 was designed in 1991. For its time it was fine. It produces a 32-character hex string and it’s extremely fast to compute.

The problem is that MD5 is cryptographically broken. Researchers found ways to create two different inputs that produce the same MD5 hash, called a collision. This means you can’t trust MD5 to verify that something hasn’t been tampered with in security-sensitive contexts.

Length: 32 hex characters
Example: 5d41402abc4b2a76b9719d911017c592
Speed: Very fast
Security: Broken, do not use for passwords or security

Where MD5 still makes sense:

  • Checksums for non-security file verification (checking a download completed correctly)
  • Non-security deduplication (finding duplicate files in a dataset)
  • CTF challenges (it’s everywhere in beginner competitions)
  • Legacy systems you can’t change

Where MD5 is a bad idea:

  • Password storage
  • Digital signatures
  • Anything where collision resistance matters

SHA1, slightly better, also broken

SHA1 produces a 40-character hex string. It was the upgrade from MD5 and was widely used for years. Git originally used SHA1 for its commit hashes.

Google demonstrated a practical SHA1 collision in 2017 (the SHAttered attack). It’s now also considered broken for security purposes, though it took much longer and more computing resources than MD5 collisions.

Length: 40 hex characters
Example: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
Speed: Fast
Security: Broken, deprecated for most security uses

Still appears in older codebases, SSL certificates from before ~2017, and CTF challenges. Git is migrating to SHA256.

SHA256, the current standard

SHA256 is part of the SHA-2 family and produces a 64-character hex string. This is the one you should default to for most things in 2026. No practical collisions have been found. It’s fast enough for most applications. It’s supported everywhere.

Length: 64 hex characters
Example: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
Speed: Fast, hardware-accelerated on modern CPUs
Security: Currently strong, no known practical attacks

Where SHA256 is the right choice:

  • File integrity verification
  • Digital signatures
  • HMAC authentication
  • Blockchain (Bitcoin uses SHA256)
  • TLS certificates
  • General checksums where security matters

One important thing: SHA256 is still not suitable for direct password hashing. It’s too fast, an attacker with a GPU can compute billions of SHA256 hashes per second. For passwords you need something slow by design: bcrypt, Argon2, or scrypt.

SHA512, more bits, not always better

SHA512 produces a 128-character hex string. It’s part of the same SHA-2 family as SHA256, just with a longer output and a different internal structure.

Length: 128 hex characters
Speed: Slower than SHA256 on 32-bit systems, similar or faster on 64-bit
Security: Strong, same family as SHA256

The longer output gives more resistance against brute force in theory, but for most practical applications SHA256 is sufficient. The main case for SHA512 over SHA256 is when you need a longer hash output for a specific protocol or when working on 64-bit systems where SHA512 can actually be faster due to how it uses 64-bit operations.

The quick reference

AlgorithmOutput lengthUse forDon’t use for
MD532 charsNon-security checksums, CTFsPasswords, security, signatures
SHA140 charsLegacy support onlyNew projects
SHA25664 charsFile integrity, signatures, most thingsPassword storage
SHA512128 charsWhen you need a longer digestPassword storage
bcrypt/Argon2VariablePassword storageGeneral hashing

Try it yourself

If you want to generate or compare hashes without setting anything up, I built a simple tool for exactly this, HashGenerator lets you input any text and see the MD5, SHA1, SHA256, and SHA512 outputs side by side instantly.

Try HashGenerator at darkmintis.dev/hashgenerator

And if you’re doing CTF work and need to crack a known hash against a wordlist, HashCrack handles MD5 and SHA1 dictionary attacks in the browser.

Try HashCrack at darkmintis.dev/hashcrack

No setup, no install, runs in your browser.


Blog