Hash Functions Comparison — MD5, SHA-1, SHA-256, bcrypt, Argon2
Hash functions have different speed, output size, and security properties. MD5 and SHA-1 are broken for security. SHA-256 works for data integrity. bcrypt and Argon2 are for...
Hash functions take input data and produce a fixed-size output (the hash or digest). Different hash functions are designed for different purposes: fast general-purpose hashing (SHA-256), file integrity verification, or deliberately slow password hashing (bcrypt, Argon2). Choosing the wrong one for security purposes is a critical vulnerability.
Use the Hash Generator to generate SHA-256, MD5, and other hash values.
Hash function properties
A cryptographic hash function must be:
- Deterministic: Same input always produces the same output
- One-way: Infeasible to reverse (find input from output)
- Collision-resistant: Infeasible to find two inputs with the same hash
- Avalanche effect: Small input change → completely different output
SHA-256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
SHA-256("hello!") = c0535e4be2b79ffd93291305436bf889314e4a3faec05ecffcbb7df31ad9e51aComparison table
| Hash | Output (bits) | Speed | Security | Use case |
|---|---|---|---|---|
| MD5 | 128 | Very fast | Broken | Legacy checksums only |
| SHA-1 | 160 | Fast | Broken | Legacy only |
| SHA-256 | 256 | Fast | Secure | Data integrity, HMAC |
| SHA-512 | 512 | Fast (64-bit) | Secure | High-security contexts |
| SHA-3/256 | 256 | Moderate | Secure | Post-SHA-2 alternative |
| bcrypt | 184 | Slow (intentional) | Secure | Passwords |
| Argon2id | Variable | Slow (intentional) | Secure | Passwords (recommended) |
| BLAKE3 | 256 | Very fast | Secure | General purpose (modern) |
MD5 and SHA-1: broken for security
Both MD5 and SHA-1 have known collision attacks — it’s possible to find two different inputs that produce the same hash:
# Collision example (simplified): same MD5 for different files
File A (malware): MD5 = a87ff679a2f3e71d9181a67b7542122c
File B (safe): MD5 = a87ff679a2f3e71d9181a67b7542122cReal-world attacks:
- Flame malware (2012): Used MD5 collision to forge a Microsoft code signing certificate
- SHAttered (2017): Google and CWI produced two PDF files with the same SHA-1 hash
Never use MD5 or SHA-1 for:
- Digital signatures
- Certificate fingerprints
- Password storage
- File integrity in security contexts
MD5 is still acceptable for:
- Non-security checksums (detecting accidental file corruption)
- Generating unique-ish identifiers from content
- Legacy systems where migration isn’t yet possible
SHA-256 and SHA-2 family
SHA-256 is the current standard for most security applications. It’s part of the SHA-2 family:
- SHA-224 (224-bit)
- SHA-256 (256-bit) — most common
- SHA-384 (384-bit)
- SHA-512 (512-bit)
// Node.js SHA-256:
const crypto = require('crypto');
const hash = crypto.createHash('sha256').update('hello').digest('hex');
// "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
// HMAC-SHA256 (keyed hash for authentication):
const hmac = crypto.createHmac('sha256', 'secret-key')
.update('message')
.digest('hex');import hashlib, hmac
# SHA-256:
h = hashlib.sha256(b'hello').hexdigest()
# "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
# HMAC-SHA256:
h = hmac.new(b'secret-key', b'message', hashlib.sha256).hexdigest()SHA-512 vs SHA-256:
- SHA-512 is faster than SHA-256 on 64-bit processors (fewer rounds relative to output size)
- SHA-256 is faster on 32-bit and mobile processors
- Both are secure — use SHA-256 unless you specifically need SHA-512
Password hashing: bcrypt
Passwords require slow hash functions. Fast hashes (SHA-256) let attackers test billions of passwords per second with GPUs.
bcrypt adds a cost factor that controls compute time:
// Node.js bcrypt:
const bcrypt = require('bcrypt');
// Hashing (cost factor 12 = ~300ms):
const hash = await bcrypt.hash('mypassword', 12);
// "$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LcdYmd..."
// Verifying:
const match = await bcrypt.compare('mypassword', hash);
// true
// Comparing timing (NOT bcrypt):
const wrongMatch = await bcrypt.compare('wrongpassword', hash);
// falseCost factor guidelines:
- 10: ~100ms (minimum for web)
- 12: ~300ms (recommended for web)
- 14: ~1200ms (use for high-security accounts)
Increase cost factor as hardware gets faster. The goal is making brute-force expensive even for attackers with dedicated hardware.
Password hashing: Argon2 (recommended)
Argon2 won the 2015 Password Hashing Competition. It’s more configurable than bcrypt:
// Node.js argon2:
const argon2 = require('argon2');
// Hash:
const hash = await argon2.hash('mypassword', {
type: argon2.argon2id, // Argon2id is recommended (hybrid)
memoryCost: 65536, // 64MB memory usage
timeCost: 3, // 3 iterations
parallelism: 4, // 4 parallel threads
});
// Verify:
const match = await argon2.verify(hash, 'mypassword');import argon2
ph = argon2.PasswordHasher(
time_cost=3,
memory_cost=65536, # 64MB
parallelism=4,
hash_len=32,
salt_len=16,
)
# Hash:
hash = ph.hash('mypassword')
# Verify:
try:
ph.verify(hash, 'mypassword')
print('Password correct')
except argon2.exceptions.VerifyMismatchError:
print('Wrong password')Argon2 vs bcrypt:
- Argon2 uses configurable memory (makes GPU attacks expensive)
- bcrypt is CPU-only (GPUs are less advantaged but still faster)
- For new systems: prefer Argon2id
- bcrypt is still acceptable for existing systems
BLAKE3: modern fast hashing
BLAKE3 is a new general-purpose hash function (2020) that’s very fast:
import { blake3 } from 'hash-wasm';
const hash = await blake3('hello');
// "ea8f163db38682925e4491c5e58d4bb3506ef8c14eb78a86e908c5624a67200f"BLAKE3 is:
- Significantly faster than SHA-256 (often 10x+)
- Secure (no known attacks)
- Supports variable-length output, streaming, keyed hashing, and key derivation
Use BLAKE3 for: checksums, content-addressable storage, file deduplication, any high-throughput hashing need.
Choosing the right hash function
| Need | Function |
|---|---|
| Password storage | Argon2id (new) or bcrypt (existing) |
| Data integrity / checksums | SHA-256 |
| HMAC (message authentication) | HMAC-SHA-256 |
| High-throughput content hashing | BLAKE3 |
| Digital signatures | SHA-256 (with RSA/ECDSA) |
| Git object IDs | SHA-1 (legacy) / SHA-256 (new) |
| Legacy checksum (non-security) | MD5 or SHA-1 (still OK here) |
Related tools
- Hash Generator — generate SHA-256, MD5, and other hashes
- SHA-256 Hash Generator — SHA-256 guide
- MD5 Hash Generator — MD5 usage guide
Related posts
- MD5 Is Dead. Use These Instead. — MD5 was broken in 2004 and is trivially cracked for passwords. Here's what to us…
- bcrypt Password Hashing — Why You Should Use bcrypt and How to Implement It — bcrypt is the standard password hashing algorithm for web applications. Learn wh…
- File Integrity Verification with Checksums — SHA-256 and MD5 — Verify file integrity using SHA-256 and MD5 checksums. Learn how to generate and…
- MD5 Hash Generator — Generate MD5 Checksums Online — MD5 generates a 128-bit hash fingerprint used for file integrity checking and ch…
- SHA-256 Hash Generator — Hash Text and Files with SHA-256 — SHA-256 produces a 256-bit fingerprint of any input. It's the standard for passw…
Related tool
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes client-side.
Written by Mian Ali Khalid. Part of the Encoding & Crypto pillar.