Allinone.tools Logo

Allinone.tools

← Blog

MD5, SHA-1, and SHA-256 - Which Hash Function Should You Use?

February 20, 2026  ·  5 min read

Hash functions are everywhere - verifying file downloads, storing passwords, signing software, checking data integrity. But not all hash functions are created equal. MD5, SHA-1, and SHA-256 are three of the most commonly encountered, and there's a lot of confusion about which one to use and why.

Here's the clear answer, with the reasoning behind it.

What Is a Hash Function?

A cryptographic hash function takes an input of any length and produces a fixed-length output called a hash or digest. A good hash function has three key properties:

  1. Deterministic - the same input always produces the same output
  2. One-way - given the hash, it's computationally infeasible to find the input
  3. Collision-resistant - it's infeasible to find two different inputs with the same hash

The last property is where MD5 and SHA-1 fall apart.

MD5

Output size: 128 bits (32 hex characters) Example: 5f4dcc3b5aa765d61d8327deb882cf99 (the hash of "password")

MD5 was designed in 1991 and was widely used through the 2000s. It's fast, produces a compact hash, and was considered secure for its time.

The problem: Researchers found MD5 collision attacks in 2004 - meaning it's possible to deliberately craft two different files that produce the same MD5 hash. This was demonstrated dramatically in 2008 when researchers used a collision attack to create a rogue SSL certificate accepted by real browsers.

What MD5 is still useful for:

  • Checksums for accidental corruption detection (not security-critical)
  • Fast non-security hashing (deduplication, hash tables)
  • Legacy systems where you have no choice

What MD5 should never be used for:

  • Password storage (far too fast to brute force; use bcrypt or Argon2)
  • Digital signatures
  • SSL/TLS certificates
  • Any security-critical application

If you encounter an MD5 hash and want to look it up, our MD5 decrypt tool searches an extensive database of known precomputed hashes.

SHA-1

Output size: 160 bits (40 hex characters) Example: 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 (the hash of "password")

SHA-1 was designed by the NSA and published in 1995 as a stronger successor to MD5. For many years, it was the industry standard - used in TLS certificates, code signing, and Git's object model.

The problem: Theoretical weaknesses were identified in 2005. A practical collision attack was demonstrated in 2017 by Google's Project Zero team (the "SHAttered" attack), which required 9.2 quintillion SHA-1 operations - feasible for well-resourced attackers.

Current status: SHA-1 is deprecated for security use. Browser vendors have blocked SHA-1 TLS certificates since 2017. Git is actively migrating away from SHA-1.

What SHA-1 is still used for:

  • Git (legacy - SHA-256 migration is ongoing)
  • Non-security checksums in older software
  • HMAC-SHA1 in some contexts (still considered reasonably safe)

What SHA-1 should never be used for:

  • New digital signatures
  • TLS/SSL certificates
  • Password storage
  • Any new security design

SHA-256

Output size: 256 bits (64 hex characters) Example: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 (the hash of "password")

SHA-256 is part of the SHA-2 family, designed by the NSA and published in 2001. Despite being over two decades old, no practical attacks against SHA-256 have been demonstrated. It remains the standard for most security applications.

Why SHA-256 is the right choice:

  • No known collision attacks
  • 256-bit output makes brute force infeasible
  • Supported everywhere - browsers, operating systems, programming languages
  • Used in Bitcoin, TLS 1.3, code signing, HTTPS certificates

What SHA-256 is used for:

  • TLS/HTTPS certificates
  • Code signing (macOS, Windows, Linux packages)
  • Bitcoin and most cryptocurrencies
  • HMAC authentication
  • File integrity verification
  • Password hashing (as part of PBKDF2 - but prefer bcrypt or Argon2 for passwords specifically)

Quick Comparison

| Property | MD5 | SHA-1 | SHA-256 | |----------|-----|-------|---------| | Output size | 128 bits | 160 bits | 256 bits | | Designed | 1991 | 1995 | 2001 | | Speed | Very fast | Fast | Fast | | Collisions found | Yes (2004) | Yes (2017) | No | | Security status | Broken | Deprecated | Secure | | Use for checksums | OK | OK | Best | | Use for signatures | Never | Never | Yes | | Use for passwords | Never | Never | Use Argon2 |

A Note on Password Hashing

A common mistake is using any of these algorithms directly for password storage. SHA-256 is fast - which is exactly what you don't want for passwords. A modern GPU can compute billions of SHA-256 hashes per second, enabling rapid brute-force attacks.

For passwords, use purpose-built algorithms:

  • Argon2 (winner of the Password Hashing Competition - recommended for new systems)
  • bcrypt (battle-tested, widely supported)
  • scrypt (memory-hard, good choice)

These are designed to be slow and memory-intensive, making brute force attacks extremely costly.

The Bottom Line

Use SHA-256 for any new project that needs a hash function for security purposes. It's secure, universally supported, and will remain practical for the foreseeable future.

MD5 and SHA-1 are fine for non-security uses like checksums and deduplication - where your only concern is accidental corruption, not deliberate attacks. For anything where someone might be trying to fool your system, they're not safe.

If you need to explore hash values, our MD5 decrypt and encryption tools let you compute and look up hashes directly in your browser.