MD5 vs SHA-256: Which Hash Should You Use?
June 18, 2026
If you're choosing a hash function in 2026, the short version is: use SHA-256 (or stronger) for anything security-related, and treat MD5 as a non-security checksum only. Here's why, with the practical trade-offs.
What a hash function does
A cryptographic hash takes any input and produces a fixed-size "fingerprint." The same input always yields the same output, a tiny change in input changes the output completely, and you can't reverse the output back to the input. MD5 produces a 128-bit (32 hex character) digest; SHA-256 produces a 256-bit (64 hex character) digest.
The decisive difference: collision resistance
A collision is two different inputs that produce the same hash. A secure hash makes finding one infeasible. MD5 fails this badly:
- MD5 is broken. Collisions can be generated in seconds on a laptop. Researchers have built colliding files, certificates, and even malware that shares a hash with a benign file. It must not be used where an attacker could benefit from a collision.
- SHA-256 has no known practical collision attack. It's part of the SHA-2 family and remains a current, recommended standard.
Side by side
| Property | MD5 | SHA-256 |
|---|---|---|
| Digest size | 128-bit (32 hex) | 256-bit (64 hex) |
| Collision resistance | Broken | Strong |
| Speed | Faster | Slightly slower |
| Use for security? | No | Yes |
| Use as a checksum? | OK (non-adversarial) | Yes |
When MD5 is still fine
MD5 isn't useless — it's just not secure. It's acceptable where no attacker is trying to trick you: detecting accidental file corruption, cache keys, deduplicating files, or quick non-security fingerprints. If an adversary could profit from forging a match, switch to SHA-256.
What about passwords?
Neither MD5 nor plain SHA-256 is appropriate for storing passwords — both are too fast, which makes brute-forcing cheap. Use a purpose-built password hash like bcrypt, scrypt, or Argon2, which are deliberately slow and salted.
Try it yourself
You can generate and compare MD5, SHA-1, SHA-256, and other digests for any text right in your browser with the Hash Generator: paste an input, change one character, and watch the entire SHA-256 digest change. It's a quick way to see the avalanche effect in action.
Bottom line
Default to SHA-256. Reserve MD5 for fast, non-adversarial checksums, and never use either for password storage.