Passer au contenu principal
Retour au blog
Security • Apr 25, 2026 • 5 min de lecture

MD5 vs SHA-1 vs SHA-256: Which Hash for Which Job

MD5 is broken for security. SHA-1 is deprecated. SHA-256 is the current default. Use the right algorithm for the right task.

MD5: 128-bit output, fast, BROKEN. Do not use for password storage or signatures. Still acceptable as a non-security checksum (downloading installer integrity). SHA-1: 160-bit, deprecated by NIST in 2011, fully broken by Google in 2017. Do not use for new code. SHA-256: 256-bit, part of the SHA-2 family, currently secure. Used for TLS, Bitcoin, file integrity, certificate signatures. For password storage, use bcrypt or argon2 (not plain SHA-256) — they are deliberately slow to resist brute force. Our MD5 Generator and SHA Generator compute both; pick by intended use.