Is hashing the same as encryption?
No. Encryption is reversible (with the right key); hashing is one-way. You can decrypt ciphertext; you cannot "unhash" a hash.
Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-512 hashes
MD5
SHA-1
SHA-256
SHA-512
Hash Generator
Is MD5 still usable?
Not for security (passwords, authentication). For non-security uses like deduplication, cache keys, or checksums where collisions are acceptable, MD5 is still fine.
Does the same text always produce the same hash?
Yes -- hash functions are deterministic. Adding a single space or changing capitalization produces a completely different hash. This is the avalanche effect.
What Is a Hash Function?
A hash function takes any input -- a word, a document, a terabyte of data -- and produces a fixed-size output called a digest or hash. MD5 always produces 128 bits. SHA-256 always produces 256 bits. SHA-512 always produces 512 bits. Three key properties define cryptographic hash functions: deterministic (same input = same output), one-way (you can't reverse the hash to get the input), and collision-resistant (it's computationally infeasible to find two different inputs that produce the same hash).
Why MD5 and SHA-1 Are "Broken" (and What That Means)
When cryptographers say MD5 is "broken," they mean collision attacks have been demonstrated: researchers can craft two different documents that produce the same MD5 hash. This breaks file integrity verification -- an attacker could replace a legitimate file with a malicious one that has the same hash. SHA-1 has similar weaknesses (the SHAttered attack in 2017 was the first practical collision). For security use cases, SHA-256 and SHA-512 remain unbroken.
File Integrity: How Hash Verification Works
Download Linux from the official site and you'll see a SHA-256 checksum next to the download link. After downloading, run sha256sum on the file and compare. If they match, the file is bit-for-bit identical to what the server provided -- no corruption in transit, no tampering. The avalanche effect means even a single bit change (malware injected, download corruption) produces a completely different hash. File integrity verification is one of the most practical uses of hash functions.
Why You Should Never Hash Passwords with SHA-256
SHA-256 is fast -- that's the problem. A modern GPU can compute billions of SHA-256 hashes per second, making brute-force attacks trivial for common passwords. Password hashing algorithms like bcrypt, scrypt, and Argon2 are intentionally slow and memory-hard. They also incorporate salt -- a unique random value added to each password before hashing -- so two users with the same password get different hashes. Never store passwords as raw SHA or MD5 hashes.
Hash Functions in Blockchain and Cryptocurrencies
Bitcoin's proof-of-work requires miners to find a nonce such that SHA-256(SHA-256(block_header + nonce)) starts with a certain number of leading zeros. This is computationally expensive by design -- the difficulty adjusts so finding a valid block takes roughly 10 minutes. Every block also contains the previous block's hash, creating a chain. Modify any historical transaction and every subsequent block hash changes -- detectable immediately by any node.
Frequently Asked Questions
Is MD5 still usable?
Not for security (passwords, authentication). For non-security uses like deduplication, cache keys, or checksums where collisions are acceptable, MD5 is still fine.
Is hashing the same as encryption?
No. Encryption is reversible (with the right key); hashing is one-way. You can decrypt ciphertext; you cannot "unhash" a hash.
Does the same text always produce the same hash?
Yes -- hash functions are deterministic. Adding a single space or changing capitalization produces a completely different hash. This is the avalanche effect.