Hash Algorithm Comparison: When to Use MD5, SHA, or Bcrypt?
Compare the characteristics and purposes of various hash algorithms and get a guide for choosing the right one for each situation.
What Is a Hash Function?
A hash function is a mathematical function that converts data of arbitrary size into a fixed-size unique value. This converted value is called a hash, digest, or checksum. Hash functions are core components of modern computer security, used in various fields from password storage to blockchain.
To understand hash functions, let's use an analogy. A hash function is like a meat grinder that turns meat into hamburger patties. The same ingredients always produce the same result, but it's impossible to restore the original meat's shape from the patty. This is the core characteristic of hash functions.
Essential Properties of Hash Functions
A secure cryptographic hash function must have these four essential properties:
1. Deterministic
The same input always produces the same output. Without this property, hashes couldn't be used for data verification.
// Always produces identical result
MD5("Hello") === "8b1a9953c4611296a827abf8c47804d7" // true
MD5("Hello") === "8b1a9953c4611296a827abf8c47804d7" // true (always)
2. One-way
Reversing the hash value to find the original data must be computationally infeasible. This property allows hashes to be safely used for password storage. Even if a database is leaked, the original password cannot be recovered from the hash value alone.
3. Collision Resistance
When two different inputs produce the same hash value, it's called a collision. A good hash function must make finding collisions extremely difficult. This is why MD5 and SHA-1 are no longer recommended for security purposes - collisions have been found.
4. Avalanche Effect
If even a single bit of input changes, the output must change completely. This property prevents inferring hash value patterns from similar inputs.
MD5("Hello") = "8b1a9953c4611296a827abf8c47804d7"
MD5("hello") = "5d41402abc4b2a76b9719d911017c592"
// One uppercase letter difference but completely different results
In-Depth Analysis of Major Hash Algorithms
MD5: Why You Should No Longer Use It for Security
MD5 is a 128-bit hash function designed by Ronald Rivest in 1991. It was once the most widely used, but should no longer be used for security purposes.
Input: "Hello World"
Output: b10a8db164e0754105b7a99be72e3fe5
Length: 128 bits (32 hex characters)
The Fall of MD5: In 2004, a Chinese research team led by Wang Xiaoyun discovered collisions in MD5. Later in 2008, MD5 collisions were exploited to create fake SSL certificates. Currently, ordinary computers can generate MD5 collisions within seconds.
When MD5 is still acceptable:
- File download integrity verification (for error detection, not security)
- Cache key generation
- Non-security checksums
SHA-1: Google's SHAttered Attack
SHA-1 is a 160-bit hash function designed by NSA and standardized by NIST. It was considered safer than MD5, but in 2017, Google and CWI Amsterdam demonstrated a collision through the "SHAttered" attack.
In this attack, researchers generated two PDF files with identical SHA-1 hash values but different content. The computation used was equivalent to 6,500 years of CPU time and 110 years of GPU time. Though it required massive resources, the moment the collision was proven possible, SHA-1's security credibility ended.
Current status: Most browsers and certificate authorities reject SHA-1 certificates.
SHA-256 (SHA-2): The Current Standard
The SHA-2 family succeeded SHA-1, with variations including SHA-224, SHA-256, SHA-384, and SHA-512. Among these, SHA-256 is most widely used.
Input: "Hello World"
Output: a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e
Length: 256 bits (64 hex characters)
SHA-256 and Bitcoin: Bitcoin uses SHA-256 at its core. Miners perform trillions of hash calculations to find a nonce value where the SHA-256 hash of the block header meets certain conditions (many leading zeros). SHA-256's unpredictability makes this process fair.
Uses:
- Digital signatures (with RSA, ECDSA)
- SSL/TLS certificates
- Blockchain
- File integrity verification
SHA-3: Keccak's New Approach
SHA-3 is the latest hash function standardized by NIST in 2015. It uses a completely different structure (sponge construction) than SHA-2, so even if vulnerabilities are found in SHA-2, SHA-3 would be unaffected.
SHA-3's design philosophy was "make it different." While SHA-2 uses the Merkle-Damgard construction, SHA-3's Keccak algorithm is based on sponge functions. This is a form of insurance - SHA-2 is still secure, but an alternative is ready for future attacks.
Bcrypt: Special Hash for Passwords
Unlike general-purpose hashes, Bcrypt is intentionally designed to be slow. In password hashing, "slow" is an advantage - it prevents attackers from trying billions of passwords per second.
// Using work factor (cost) of 12
bcrypt.hash("password", 12)
// Example output
$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/X4.VVzfQl0Pfy6.nO
Bcrypt hash structure:
$2b$- Algorithm version12$- Work factor (2^12 = 4,096 iterations)- Next 22 chars - Salt (Base64 encoded)
- Remainder - Actual hash value
The calculation time doubles with each work factor increase of 1. Current recommended value is 10-12.
Argon2: The Latest Password Hash
Argon2 is the algorithm that won the 2015 Password Hashing Competition. It's designed to be memory-intensive, making it resistant to GPU parallel attacks.
Parameters:
- Memory: How much RAM to use
- Time: How long to calculate
- Parallelism: How many threads to use
The Argon2id variant is recommended for general use. Use Argon2 for new projects, and Bcrypt when legacy compatibility is needed.
Practical Usage Guide
Password Storage: Salt and Pepper
Salt: Add a unique random value to each password. Even the same password produces different hash values, neutralizing rainbow table attacks.
// Using Salt
password: "password123"
salt: "x7Gh9kL2" (randomly generated)
hash: bcrypt("password123" + "x7Gh9kL2")
Pepper: While salt is stored in the database with the hash, pepper is managed as a separate secret (environment variable, hardware security module, etc.). Even if the database is leaked, passwords can't be verified without the pepper.
File Integrity Verification
When distributing software, providing SHA-256 checksums allows verification that downloaded files haven't been tampered with.
# Generate file hash
sha256sum ubuntu-22.04.iso
# a1b2c3d4e5f6... ubuntu-22.04.iso
# Verify
echo "a1b2c3d4e5f6... ubuntu-22.04.iso" | sha256sum --check
Algorithm Selection Guide by Purpose
| Purpose | Recommended Algorithm | Not Recommended |
|---|---|---|
| Password storage | Argon2id, Bcrypt, PBKDF2 | MD5, SHA family (too fast) |
| File integrity | SHA-256, SHA-512 | MD5 (collision possible) |
| Digital signatures | SHA-256 + RSA/ECDSA | SHA-1 (collision attack) |
| API tokens | HMAC-SHA256 | - |
| Cache keys | MD5, SHA-1 (fast) | - |
Code Examples
Node.js
const crypto = require('crypto');
const bcrypt = require('bcrypt');
// SHA-256
const sha256 = crypto.createHash('sha256')
.update('Hello World')
.digest('hex');
// Bcrypt
const hash = await bcrypt.hash('password', 12);
const isValid = await bcrypt.compare('password', hash);
Python
import hashlib
import bcrypt
# SHA-256
sha256 = hashlib.sha256(b'Hello World').hexdigest()
# Bcrypt
hashed = bcrypt.hashpw(b'password', bcrypt.gensalt(12))
is_valid = bcrypt.checkpw(b'password', hashed)
Toolypet Hash Tools
Generate and verify various hashes quickly with Toolypet's hash tools:
- MD5/SHA Generator: Instantly calculate hash values for text or files
- Bcrypt Tool: Generate and verify password hashes
- Hash Comparison: Safely compare two hash values (timing attack prevention)
Handle hash operations needed for development and testing conveniently with Toolypet.