MD5 vs SHA-256: When to Use Which
MD5 and SHA-256 are both hash functions: feed in any amount of data and you get back a fixed-length string of hex characters that acts like a fingerprint for that data. They look similar in a tool, so people treat them as interchangeable. They are not. One of them has been unsafe for security work for nearly two decades, and the other is the default you should reach for. The trick is knowing which job you are actually doing.
The thirty-second version
MD5 produces a 128-bit digest, written as 32 hex characters. SHA-256 produces a 256-bit digest, written as 64 hex characters. MD5 is faster to compute, but it is broken for security: anyone can deliberately create two different inputs that share the same MD5 hash. SHA-256 has no such practical weakness. If a decision touches security in any way, use SHA-256. If you only need a cheap way to spot accidental duplicates, MD5 is still fine.
A hash is one-way. You cannot “decrypt” an MD5 or SHA-256 value back into the original text. So-called decrypters are just dictionaries of pre-computed hashes for common inputs. They look the word up; they don’t reverse the maths.
Side by side
| MD5 | SHA-256 | |
|---|---|---|
| Digest size | 128-bit (32 hex chars) | 256-bit (64 hex chars) |
| Speed | Faster | Slower, still negligible for small inputs |
| Collision resistance | Broken since 2004 | No known practical attack |
| Safe for integrity checks | No | Yes |
| Good for de-duplication | Yes | Yes (overkill, but fine) |
What “collision resistance” actually means
A collision is when two different inputs produce the same hash. Every hash function has collisions in theory, because you are squeezing unlimited inputs into a fixed number of outputs. What matters is whether an attacker can create one on purpose. With MD5 they can, cheaply, on a laptop. That is the whole problem: a hash is supposed to prove “this is exactly the file I expect,” and MD5 can no longer make that promise. A malicious file can be crafted to match the MD5 of a trusted one.
With SHA-256, no one has demonstrated a practical way to do this. That is why software downloads, digital signatures, and blockchain systems all rely on the SHA-2 family rather than MD5.
Where MD5 is still acceptable
MD5 is not radioactive. It is perfectly reasonable when no attacker is involved and you only care about accidental changes:
- Detecting duplicate files in a folder by comparing fingerprints.
- A quick checksum to confirm a large copy finished without corruption.
- Cache keys, ETags and other internal bookkeeping where collisions are a non-issue.
In all of these, the “enemy” is a flaky disk or a dropped network packet, not a person trying to fool you. MD5’s speed is a genuine, if small, advantage there.
Where you must use SHA-256 (or stronger)
- Verifying that a downloaded file matches the publisher’s stated checksum.
- Any digital signature, certificate or token where tampering must be detectable.
- Generating content-addressed identifiers that need to be unforgeable.
The one place neither belongs: passwords
Storing passwords as raw MD5 or even raw SHA-256 is a classic mistake. Both are designed to be
fast, and speed is exactly what a password cracker wants: billions of guesses per
second against a stolen database. Passwords need a deliberately slow, salted algorithm built for
the purpose: bcrypt, scrypt or Argon2. Reach for those, not
a general hash.
Try it yourself
The fastest way to build intuition is to hash the same text both ways and watch the output length and randomness. Run a string through the MD5 tool and then the SHA-256 tool, change a single character, and notice how the entire digest changes. If you are auditing an older system, the SHA-1 tool is worth a look too. SHA-1 sits between the two, and it is also considered unsafe for new security work.
Frequently asked questions
Is MD5 broken?
MD5 is broken for security. Researchers can create two different files with the same MD5 hash on demand, so it can no longer prove a file has not been tampered with. It is still fine as a fast, non-security checksum, such as detecting accidental duplicates.
Is SHA-256 better than MD5?
For anything related to security, yes. SHA-256 has no known practical collision attack and produces a longer 256-bit digest. MD5 is only faster, which rarely matters for the small inputs most people hash.
Can I store passwords with SHA-256?
Not on its own. Plain SHA-256 is too fast, which helps attackers guess passwords quickly. Use a dedicated password hash such as bcrypt, scrypt or Argon2, which are deliberately slow and salted.
Why do two tools give different hashes for the same text?
Usually because of an invisible difference in the input, such as a trailing newline, different line endings, or text encoding. Hashes change completely if even one byte differs, so check that the exact same bytes are being hashed.