Hash functions are one of the most fundamental building blocks in computer science and cybersecurity. They're used in password storage, file integrity verification, digital signatures, Git version control, blockchain, and dozens of other applications — yet they're often confused with encryption or dismissed as a topic "only cryptographers need to understand."
This guide explains how hash functions work in plain terms, covers the most common algorithms (MD5, SHA-1, SHA-256, and SHA-512), and clarifies when to use each — and when to avoid them entirely.
What Is a Hash Function?
A hash function takes an input of any size — a single character, a 10GB file, a password — and produces a fixed-length output called a hash (also called a digest, checksum, or fingerprint). The same input always produces the same hash, and even a tiny change in the input produces a completely different hash.
Here's what hashing the word "hello" looks like across different algorithms:
Input: "hello"
MD5: 5d41402abc4b2a76b9719d911017c592
SHA-1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
SHA-256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c
1fa7425e73043362938b9824
SHA-512: 9b71d224bd62f3785d96d46ad3ea3d73
319bfbc2890caadae2dff72519673ca7
2323c3d99ba5c11d7c7acc6e14b8c586
0aad30952fbdc13c16a68ac7446f73bNotice that the output length is fixed for each algorithm regardless of input size. MD5 always produces 32 hex characters (128 bits). SHA-256 always produces 64 hex characters (256 bits).
→ Try it yourself — generate hashes for any text with the Hash Generator
One-Way vs. Reversible
The defining property of a cryptographic hash function is that it's a one-way function. You can easily compute the hash from an input, but you cannot compute the input from a hash. There is no "un-hash" function, no key, no secret decoder. This is fundamentally different from encryption.
Consider the analogy: encryption is like locking a document in a safe — with the right key, you can open it and get the original back. Hashing is like putting a document through a shredder — you can verify that a specific document would produce the same pile of shreds, but you can't reconstruct the document from the shreds.
This one-way property is what makes hashing useful for passwords. When you create an account, the site hashes your password and stores the hash. When you log in, it hashes your input and compares it to the stored hash. The site never needs to know your actual password — it only needs to verify the hash matches.
MD5 — Fast but Broken
Output size: 128 bits (32 hex characters)
Created: 1991 by Ronald Rivest
MD5 was the dominant hash algorithm for over a decade. It's extremely fast to compute and widely supported — which is both its strength and its fatal flaw. MD5 has been cryptographically broken since 2004, meaning researchers can deliberately create two different inputs that produce the same hash (a collision attack).
When to use MD5:
- Non-security checksums. Verifying file integrity during transfer (did the download arrive intact?) where the threat model doesn't include a malicious actor deliberately crafting collisions.
- Cache keys and deduplication. Generating fast, fixed-length identifiers for caching or detecting duplicate content, where collision resistance isn't critical.
- Legacy system compatibility. Some older APIs and protocols still require MD5.
When NOT to use MD5: Password hashing, digital signatures, certificate verification, or any scenario where an attacker could exploit collisions. Use SHA-256 or better.
SHA-1 — Deprecated
Output size: 160 bits (40 hex characters)
Created: 1995 by the NSA / NIST
SHA-1 was the successor to MD5 and was the standard hash algorithm for SSL/TLS certificates, Git commits, and many security applications. In 2017, Google demonstrated a practical SHA-1 collision (the SHAttered attack), proving that SHA-1 is no longer collision-resistant.
All major browsers stopped accepting SHA-1 certificates in 2017. Certificate authorities no longer issue SHA-1 certificates. NIST officially deprecated SHA-1 in 2011 and recommended discontinuing its use by 2030.
Where SHA-1 still lives: Git still uses SHA-1 internally for commit hashes (though migration to SHA-256 is underway). Some older systems and protocols still use it. For new projects, there's no reason to choose SHA-1 over SHA-256.
SHA-256 — The Current Standard
Output size: 256 bits (64 hex characters)
Part of: SHA-2 family, designed by NSA, published by NIST in 2001
SHA-256 is the workhorse of modern cryptography. It's used in Bitcoin mining, TLS certificates, code signing, digital signatures, and as the recommended hash function for virtually all new security applications.
No practical collision attacks exist against SHA-256. The theoretical complexity of finding a collision is 2¹²⁸ operations — well beyond the capability of any current or near-future technology.
Use SHA-256 for:
- File integrity verification where security matters
- Digital signatures and certificate chains
- HMAC-based authentication tokens
- Content-addressable storage
- Any application where collision resistance is required
→ Generate SHA-256 hashes instantly with the TextNoteKit Hash Generator
SHA-512 — Maximum Security
Output size: 512 bits (128 hex characters)
Part of: SHA-2 family
SHA-512 uses the same underlying algorithm as SHA-256 but operates on 64-bit words instead of 32-bit words, producing a longer hash. On 64-bit processors (which is nearly everything in 2026), SHA-512 is often faster than SHA-256 — counterintuitive but true, because its internal operations align better with 64-bit CPU architecture.
In practice, SHA-512 is used when applications need an extra security margin — government systems, financial infrastructure, and scenarios where the cost of a collision would be catastrophic. For most applications, SHA-256 provides more than sufficient security.
💡 Key Takeaway
"Hashing is a one-way operation — you can't reverse a hash to get the original input. This makes hash functions fundamentally different from encryption, which is designed to be reversible with the right key. Never confuse the two."
Hashing vs. Encryption
This is the most important distinction in this article. Hashing and encryption are both transformations of data, but they serve fundamentally different purposes:
| Property | Hashing | Encryption |
|---|---|---|
| Reversible? | No — one-way | Yes — with the correct key |
| Output size | Fixed (e.g., 256 bits) | Variable (depends on input) |
| Uses a key? | No | Yes (symmetric or asymmetric) |
| Purpose | Verify, identify, fingerprint | Protect confidentiality |
| Example use | Password verification | Encrypted messaging |
For a related encoding scheme that's often confused with both hashing and encryption, see our Complete Guide to Base64 Encoding. Base64 is neither hashing nor encryption — it's reversible encoding with no key, designed purely for data transport.
Common Uses of Hash Functions
- Password storage. Sites store hashed (and salted) passwords. When you log in, your input is hashed and compared. The site never stores your actual password.
- File integrity (checksums). Download pages often display SHA-256 hashes. After downloading, you hash the file locally and compare — if the hashes match, the file hasn't been corrupted or tampered with.
- Git commits. Every Git commit is identified by a SHA-1 hash of its content, parent commit, author, and timestamp. This creates an immutable, verifiable chain of history.
- Digital signatures. When you digitally sign a document, you're actually signing a hash of the document — not the document itself. This is more efficient and equally secure.
- Blockchain. Bitcoin and most cryptocurrencies use SHA-256 hashing extensively — for mining (proof of work), transaction verification, and block linking.
- Data deduplication. Cloud storage systems hash file blocks to detect duplicates. If two users upload the same file, only one copy is stored.
Collision Attacks Explained Simply
A collision occurs when two different inputs produce the same hash output. Since hash functions produce fixed-length outputs but accept unlimited-length inputs, collisions must mathematically exist (pigeonhole principle). The question is whether an attacker can deliberately find or create one.
For MD5 (128-bit), researchers can create collisions in seconds on a modern laptop. For SHA-1 (160-bit), Google's SHAttered attack demonstrated the first practical collision in 2017, requiring 6,500 CPU-years of computation. For SHA-256 (256-bit), no practical collision has ever been found, and the theoretical complexity (2¹²⁸ operations) is beyond the reach of all current technology.
This is why algorithm selection matters. MD5 and SHA-1 are broken not because their outputs are too short, but because mathematically efficient shortcuts have been discovered that allow attackers to find collisions without brute-forcing all possible inputs.
Practical Example: Verifying a File Download
Here's a real-world workflow that uses hashing:
# 1. Website publishes the expected SHA-256 hash: # SHA-256: a1b2c3d4e5f6... # 2. You download the file and compute its hash: $ sha256sum downloaded-file.zip a1b2c3d4e5f6... downloaded-file.zip # 3. Compare the hashes: # If they match → file is intact # If they differ → file is corrupted or tampered with
You can use the TextNoteKit Hash Generator to compute hashes for text content directly in your browser. For file hashing, use the command-line tools shown above or the Base64 tool for encoding binary content into text-safe formats.
Frequently Asked Questions
Can you reverse a hash to get the original text?
No. Hash functions are mathematically one-way. You cannot compute the input from the output. Attackers who "crack" hashes aren't reversing them — they're guessing common inputs (like dictionary passwords), hashing each guess, and comparing the result to the target hash. This is why long, random passwords are resistant to hash cracking.
Is MD5 safe for anything?
MD5 is safe for non-security uses like generating cache keys, creating unique file identifiers for deduplication, or computing checksums where the threat model doesn't include an adversary deliberately crafting collisions. It should never be used for password hashing, digital signatures, or certificate verification.
What's the difference between SHA-256 and SHA-512?
Both are part of the SHA-2 family and use the same core algorithm. SHA-256 produces a 256-bit (32-byte) hash and operates on 32-bit words. SHA-512 produces a 512-bit (64-byte) hash and operates on 64-bit words. On modern 64-bit processors, SHA-512 is often faster than SHA-256. Both are considered cryptographically secure in 2026.
Should I use bcrypt or SHA-256 for passwords?
Use bcrypt (or Argon2 or scrypt) for password hashing — not SHA-256 directly. SHA-256 is too fast for password hashing. Attackers can compute billions of SHA-256 hashes per second. bcrypt is deliberately slow and includes a configurable work factor, making brute-force attacks impractical even with specialized hardware.