Learn how cryptographic hash functions work and what they're used for. Covers MD5, SHA-1, SHA-256, one-way hashing, file integrity verification, and password hashing.
A cryptographic hash function takes any input — a password, a document, an entire operating system image — and produces a fixed-length string of characters (the "hash" or "digest"). The same input always produces the same hash, but even the tiniest change to the input completely transforms the output. This property makes hashing indispensable for password storage, file integrity verification, digital signatures, and blockchain.
| Algorithm | Output Size | Status | Current Use |
|---|---|---|---|
| MD5 | 128 bits (32 hex) | ⚠️ Broken | Checksums only (not security-critical) |
| SHA-1 | 160 bits (40 hex) | ⚠️ Broken | Legacy only; avoid for new systems |
| SHA-256 | 256 bits (64 hex) | ✅ Secure | TLS, Bitcoin, code signing, general use |
| SHA-512 | 512 bits (128 hex) | ✅ Secure | High-security applications |
| SHA-3 | Variable | ✅ Secure | Modern replacement; different internals |
SHA-256 of "Hello": 185f8db32921bd46d35cc2e13b6ff36b8d0e34a57111d5b9d3eb5d2bdde5c3
SHA-256 of "hello" (lowercase h): 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
One character change → completely different output. This property (the avalanche effect) makes it impossible to guess the input by studying the output or making slight modifications to a guessed input.
Websites should never store passwords in plaintext. Instead, they hash the password and store the hash. When you log in, your entered password is hashed and compared to the stored hash. If the database is breached, attackers get hashes, not passwords.
However, SHA-256 alone is NOT appropriate for password hashing. Modern GPU hardware can compute billions of SHA-256 hashes per second, making brute-force attacks against simple hashes fast. Password-specific algorithms like bcrypt, Argon2, and scrypt are designed to be intentionally slow and incorporate "salts" (random values added to each password before hashing to prevent rainbow table attacks).
Software downloads often include a SHA-256 hash. After downloading, you hash the file and compare it to the published hash. If they match, the file is intact and unmodified. This detects both accidental corruption and malicious tampering.
Example: The Ubuntu 24.04 LTS ISO download page lists SHA-256 hashes for each image file. Verifying the hash confirms you received exactly what Ubuntu published.
When you digitally sign a document, your signature is actually applied to the document's hash (not the document itself). This is practical because hashing a large document takes microseconds, while signing takes milliseconds; signing a hash is far faster than signing the full document. The recipient hashes the received document and verifies the signature against that hash.
Each block in a blockchain contains the hash of the previous block, creating a chain. Modifying any block would change its hash, breaking all subsequent links. Bitcoin uses SHA-256 extensively; Ethereum uses Keccak-256.
Git identifies every commit, file, and tree object by its SHA-1 hash (migrating to SHA-256). The hash of a commit includes the hash of its parent commit, creating an immutable audit trail — any change to history would change all subsequent commit hashes.
MD5 was broken in 2005 when researchers demonstrated practical collision attacks — two different inputs producing the same MD5 hash. SHA-1 was broken similarly in 2017 (the "SHAttered" attack). For security-critical applications, do not use either. For non-security uses like content addressing or checksums in trusted environments, MD5 remains computationally convenient, but SHA-256 is preferred.
Use our free Hash Generator — results appear as you type. No sign-up needed!
🚀 Open Hash Generator Free