Security
6 min read
Hash Algorithms Compared: MD5 vs SHA-256 vs SHA-3
Cryptographic hash functions are fundamental to modern security infrastructure. They convert arbitrary data into fixed-length outputs, enabling integrity verification and digital signatures.
MD5 โ Deprecated
MD5 produces a 128-bit hash. It is cryptographically broken โ collision attacks can be performed in seconds. Never use MD5 for security purposes.
SHA-256 โ Recommended
Part of the SHA-2 family, SHA-256 produces a 256-bit hash. It is the industry standard for TLS certificates, code signing, and blockchain.
SHA-3 โ Next Generation
SHA-3 uses a completely different internal structure (Keccak sponge construction). While SHA-2 remains secure, SHA-3 provides defense-in-depth against potential future attacks.
Quick Comparison
- File integrity checks โ SHA-256 (or MD5 for non-security contexts)
- Password hashing โ Use bcrypt, Argon2, or scrypt (not raw SHA)
- Digital signatures โ SHA-256 or SHA-3
- Content addressing โ SHA-256 (used by Git, Docker)