TheOmniTool logoTheOmniTool
July 11, 2026 · 6 min read

Hashing Explained: MD5 vs SHA-256, and Why It Matters

What cryptographic hashing actually does, why MD5 is broken, when SHA-256 is the right choice, and why none of them should store your passwords.

Hashes show up everywhere — file downloads, Git commits, password systems, blockchains — yet "hashing" is one of the most misunderstood ideas in computing. Here's what it actually does, which algorithm to use, and the mistake that still causes data breaches.

What a hash function does

A hash function takes any input — a word, a file, a 4 GB video — and produces a fixed-size fingerprint. SHA-256, for example, always outputs 256 bits (64 hex characters):

  • "hello" → 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
  • "Hello" → 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969

One capital letter, completely different fingerprint. Three properties make this useful:

  1. Deterministic — same input always gives the same hash
  2. One-way — you can't reverse a hash back into the input
  3. Collision-resistant — you can't find two inputs with the same hash (this is the property that breaks first)

Try it yourself in the Hash Generator — type a message and change one character.

Hashing is not encryption

Encryption is reversible with the right key; hashing has no key and no way back. You encrypt things you need to read later; you hash things you only need to verify later. (And Base64 is neither — it's plain encoding anyone can undo.)

Why MD5 and SHA-1 are broken

MD5 (1992) and SHA-1 (1995) both fail collision resistance. Researchers demonstrated real MD5 collisions in 2004 — attackers can now craft two different files with the same MD5 hash in seconds on a laptop. For SHA-1, Google demonstrated the same in 2017 with two different PDFs.

Why that matters: if someone can create a malicious file with the same hash as a legitimate one, hash verification becomes worthless — you'd verify the fingerprint and still install malware.

Are they useless? For security, yes. As fast checksums for accidental corruption or deduplication where no attacker exists, MD5 still appears — but there's no reason to choose it for anything new.

What to use instead

SHA-256 is the current standard: file integrity checks, digital signatures, certificate chains, Git's newer object format, Bitcoin. SHA-512 is equally secure with a longer output and is often faster on 64-bit servers. Either is a sound default.

A practical use you can do today: when you download software, the vendor often publishes a SHA-256 checksum. Hash your downloaded file and compare — if even one character differs, the file was corrupted or tampered with in transit.

The password mistake

Here's the counterintuitive part: SHA-256 is the wrong tool for storing passwords — precisely because it's fast. A GPU can compute billions of SHA-256 hashes per second, which means an attacker who steals your database can guess billions of passwords per second against it.

Password storage needs deliberately slow, salted algorithms: bcrypt, scrypt, or Argon2. They're designed so each guess costs real time, turning a weekend crack into centuries. If you're building anything with logins, this single choice matters more than almost any other security decision.

For verifying message authenticity between two parties who share a secret, the right construction is an HMAC — a keyed hash. Our HMAC Generator demonstrates how the same message produces different signatures under different keys.

Quick reference

  • Checking downloads / file integrity → SHA-256
  • Signatures, certificates → SHA-256/384
  • Storing passwords → bcrypt / Argon2 (never a plain hash)
  • API request signing → HMAC-SHA256
  • Anything security-related → never MD5 or SHA-1

Experiment with all of these in the Hash Generator — input never leaves your browser.