在线开发者工具箱
CryptoSecurityHashing

Cryptographic Hashes Explained

March 15, 2026·6 min read

A cryptographic hash function takes arbitrary data — whether a small password or a massive 4GB movie file — and turns it into a fixed-size string of characters, typically representing hexadecimal numbers.

This generated value is referred to as the hash, digest, or checksum.

1. MD5 Message-Digest Algorithm

MD5 outputs a 128-bit hash value that typically displays as a 32-digit hexadecimal block. It was heavily used in the 1990s to secure file transfers and simple hashes.

Status: Broken. Due to collisions (when two completely different files generate the same exact MD5 hash), MD5 is widely considered unsafe for security applications. It is strictly recommended only for basic integrity checks against non-malicious errors.

2. Secure Hash Algorithm (SHA-1)

SHA-1 produces a larger 160-bit hash. Adopted actively by SSL certificates, Git revision controls, and password stores around the turn of the century.

Status: Obsolete for passwords/security. In 2017, a joint strike force by CWI Amsterdam and Google successfully demonstrated an identical SHA-1 hash collision between two distinct PDF documents, famously known as the SHAttered attack.

3. SHA-256 (SHA-2 Family)

Currently the industry standard. This function generates an almost uncrackable 256-bit hash.

Status: Highly Secure. SHA-256 powers Bitcoin's proof-of-work mechanism, verifies modern SSL certificates, and is considered secure against known mathematical attacks.

4. Characteristics of Good Hashes

All major hash functions guarantee three specific behaviors:

  • Deterministic: The same input will forever generate the exact same resulting checksum.
  • Avalanche Effect: Changing just one bit of data alters the entire hash completely.
  • One-Way Function: Although you can encode "hello" into a hash easily, it is computationally impossible to "decode" that hash back into "hello" mathematically.

5. Conclusion

Stop using MD5 and SHA-1 for passwords! Use SHA-256 (or better yet, bcrypt/argon2 specifically tailored for passwords).

Try our free Hash Generator to create checksums securely against texts inside your browser instantly.