Short answer
Use SHA-2 (typically SHA-256) or SHA-3 for any security-sensitive purpose. MD5 is fast but obsolete for security; keep it only for non-adversarial checksums or legacy compatibility.
Quick comparison
| Attribute | MD5 | SHA-1 | SHA-256 (SHA-2) / SHA-3 |
|---|---|---|---|
| Output size | 128 bits | 160 bits | 256+ bits |
| Collision resistance | Broken (practical collisions) | Broken (practical collisions) | Strong (currently secure) |
| Pre-image resistance | Weak | Weak | Strong |
| Speed | Very fast | Fast | Moderate |
| Appropriate uses | Non-security checksums, dedupe, legacy systems | Legacy only | File integrity for security, certificates, blockchain, modern protocols |
| Not recommended when | Security, signing, password hashing | Security, signing | N/A (preferred) |
Practical guidance
- For file verification, downloads, or digital signatures: use SHA-256 (or SHA-512/SHA-3 when you need larger output or algorithmic diversity).
- For password storage: don't use raw MD5 or raw SHA-256; use a deliberately slow, salted password-hashing KDF, memory-hard where possible (Argon2, bcrypt, scrypt, or PBKDF2).
- For performance-sensitive, non-adversarial tasks (fast deduplication, quick IDs): MD5 is acceptable, but document the risk and avoid it for anything security-related.
- For legacy systems depending on MD5/SHA-1: plan and prioritize migration to SHA-2/SHA-3.
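
The file-verification and password-storage recommendations above, sketched with Python's standard library. This is an added example, not code from the original article; the `ALLOWED` policy set, the function names and the scrypt cost parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumption for this example: the set of digests a security check may use.
ALLOWED = {"sha256", "sha512", "sha3_256"}

def file_digest(stream, algorithm="sha256", chunk_size=65536):
    """Hash a binary stream in chunks so large downloads never sit in memory."""
    if algorithm not in ALLOWED:
        raise ValueError(f"{algorithm} is not accepted for security checks")
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def verify_download(stream, published_hex, algorithm="sha256"):
    """Compare against the publisher's digest, obtained over a trusted channel."""
    actual = file_digest(stream, algorithm)
    return hmac.compare_digest(actual, published_hex.strip().lower())

def hash_password(password, salt=None):
    """Derive a storage key with scrypt; a fresh random salt per password."""
    salt = salt if salt is not None else os.urandom(16)
    # n=2**14, r=8 costs about 16 MiB per guess; tune upward for your hardware.
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=2**14, r=8, p=1, dklen=32)
    return salt, key

def check_password(password, salt, stored_key):
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored_key)

if __name__ == "__main__":
    import io
    sample = b"constructed sample payload, not a real release\n"
    published = hashlib.sha256(sample).hexdigest()
    print(verify_download(io.BytesIO(sample), published))          # intact copy
    print(verify_download(io.BytesIO(sample + b"x"), published))   # tampered copy
    salt, key = hash_password("correct horse battery staple")
    print(check_password("correct horse battery staple", salt, key))
```

Store the salt alongside the derived key; the digest check only proves integrity if the published value itself came from a source the attacker cannot modify.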
One-line rule
If an attacker might try to tamper with or fake data, avoid MD5; pick SHA-256 or stronger.