Cryptographic Hashing — MD5, SHA-1, and SHA-256 Explained

Cryptographic hashing is a fundamental concept in computer security. It turns any input into a fixed-size string of characters that uniquely represents that input.

What Is a Hash?

A hash function takes input of any size and produces a fixed-length output:

"hello" → 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Key properties:

• Deterministic — Same input always produces same output
• Fixed length — Output size is always the same
• One-way — You can't reverse a hash back to the original
• Avalanche effect — Small input change = completely different output

Hash Algorithms Compared

Common Use Cases

1. Password Storage

User password: "mySecret123"
Stored hash: "a3f5c8..." (SHA-256)

2. File Integrity

Expected SHA-256: e3b0c44298fc1c149afbf4c8996fb924...
Actual SHA-256:   e3b0c44298fc1c149afbf4c8996fb924...
Match: ✅ File is intact

3. Data Deduplication

4. Digital Signatures

MD5 and SHA-1 Are Broken

Both MD5 and SHA-1 are considered cryptographically broken:

• MD5 collisions found in 2004 — two different inputs produce same hash
• SHA-1 collisions found in 2017 — Google demonstrated a practical attack
• Don't use for security — Only use for non-security checksums

Best Practices

1. Use SHA-256 or better for anything security-related
2. Add salt to passwords — Random data prevents rainbow table attacks
3. Use key stretching — PBKDF2, bcrypt, or Argon2 for password hashing
4. Don't rely on hashes alone — Combine with other security measures

Generate Hashes Online

Use our free hash generator to create MD5, SHA-1, and SHA-256 hashes instantly — all processing happens in your browser.