Skip to main content

← Back to blog

Is MD5 Still Safe? MD5 vs. SHA-256 vs. SHA-512 Explained

Hash functions turn data of any size into a fixed-length “fingerprint.” They’re everywhere — file downloads, password storage, digital signatures, deduplication. But not all hash functions are safe to use today. Here’s how MD5, SHA-256 and SHA-512 compare, and how to use them correctly.

What a hash is (and isn’t)

A cryptographic hash is a one-way function: given the output, you cannot recover the input. The same input always yields the same output, and changing a single character changes the result completely. That’s why hashes are used to check integrity and store passwords — you compare fingerprints, not the original data.

A hash is not encryption (there’s no key and no decryption) and not encoding (like Base64, which is reversible by anyone).

Why MD5 is considered broken

MD5 produces a 128-bit hash and was once ubiquitous. The problem is collisions — different inputs that produce the same hash. Researchers have been able to generate MD5 collisions cheaply for years, which means MD5 can no longer guarantee integrity: an attacker could craft a malicious file with the same MD5 as a legitimate one.

For this reason, MD5 (and the older SHA-1) should not be used for security purposes. In fact, the browser’s built-in Web Crypto API doesn’t even offer MD5. Our hash generator deliberately supports only the SHA-2 family for the same reason.

SHA-256 vs. SHA-512

Both belong to the SHA-2 family and are considered secure today. The differences:

  • SHA-256 produces a 256-bit (64 hex character) hash. It’s the most widely used and a great default.
  • SHA-512 produces a 512-bit (128 hex character) hash. It offers a larger output and can actually be faster on 64-bit hardware.

For most purposes — file checksums, integrity checks, general fingerprinting — SHA-256 is the sensible default. Choose SHA-512 when a longer digest is required by a standard or protocol.

The right way to store passwords

Here’s a critical point: you should not store passwords with a plain hash, not even SHA-256. Fast hashes are easy to brute-force with modern hardware. Instead, use a purpose-built password hashing algorithm that is deliberately slow and salted, such as bcrypt, scrypt or Argon2. These add a unique random salt per password and a tunable work factor to resist cracking.

So the rule of thumb:

  • File integrity / fingerprints → SHA-256 (or SHA-512).
  • Password storage → bcrypt / scrypt / Argon2 with a salt — never a bare SHA hash.

Verifying a download

A common, legitimate use of hashing is checking that a downloaded file wasn’t corrupted or tampered with. The publisher lists the file’s SHA-256; you compute the hash of your copy and compare. If they match, the file is intact.

You can compute SHA-256, SHA-384 and SHA-512 in your browser with our free hash generator — it uses the native Web Crypto API, so your input is never uploaded.