MD5 vs SHA-256: Which Hash Function Should You Use?

Here's a question that comes up in every developer's career: "Should I use MD5 or SHA-256?" The short answer is: SHA-256, almost always. But the longer answer involves understanding why MD5 fell from grace, where it's still okay, and when neither is the right choice. Let's dig in.

The Tale of the Tape

Same Input, Different Fingerprints

Input: "Hello, World!"

MD5:    65a8e27d8879283831b664bd8b7f0ad4          (32 characters)
SHA-256: dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f (64 characters)

Both are deterministic — same input, same output, every time. But SHA-256's output is twice as long, meaning there are exponentially more possible hash values: 2²⁵⁶ vs 2¹²⁸. That's the difference between "a lot" and "a LOT lot."

Why MD5 Is Broken (A Brief Crime Story)

A "collision" means finding two different inputs that produce the same hash. For a secure hash function, this should be practically impossible. For MD5... it's not.

Why Should You Care About Collisions?

Imagine you sign a contract and publish its MD5 hash as proof. An attacker could craft a completely different document with the SAME MD5 hash — effectively forging a contract that passes verification. With SHA-256? That attack would take longer than the age of the universe.

When MD5 Is Still Totally Fine

Despite being cryptographically broken, MD5 isn't useless. It's still great for non-security purposes:

• File deduplication: Quickly spotting duplicate files in storage. If two files share an MD5, they're almost certainly identical.
• Cache keys: Generating short, well-distributed keys from request parameters.
• Non-security checksums: Detecting accidental data corruption (not intentional tampering).
• Hash-based partitioning: Distributing data across shards.
• Legacy compatibility: When an older system requires MD5.

// Totally fine: MD5 as a cache key
import { createHash } from 'node:crypto';

function getCacheKey(params) {
  return createHash('md5')
    .update(JSON.stringify(params))
    .digest('hex');
}
// Fast, short, good distribution — security is irrelevant here

When SHA-256 Is the Right Call

Anything involving security, integrity, or trust:

• File integrity: Verifying downloads haven't been tampered with.
• Digital signatures: Signing documents, certificates, or software.
• HMAC authentication: Webhook verification, API request signing (AWS, Stripe, etc.).
• Blockchain: Bitcoin and most cryptocurrencies run on SHA-256.
• Subresource Integrity (SRI): Ensuring CDN scripts haven't been modified.

<!-- SRI: the browser verifies the script matches this hash -->
<script
  src="https://cdn.example.com/library.js"
  integrity="sha256-abcdef1234567890..."
  crossorigin="anonymous"
></script>

Computing Both: It's Easy Everywhere

JavaScript (Node.js)

import { createHash } from 'node:crypto';

const input = 'Hello, World!';
const md5 = createHash('md5').update(input).digest('hex');
const sha256 = createHash('sha256').update(input).digest('hex');

console.log(`MD5:    ${md5}`);
console.log(`SHA256: ${sha256}`);

Python

import hashlib

data = b'Hello, World!'
print(f"MD5:    {hashlib.md5(data).hexdigest()}")
print(f"SHA256: {hashlib.sha256(data).hexdigest()}")

Command Line

echo -n "Hello, World!" | md5sum
echo -n "Hello, World!" | sha256sum

But What About Speed?

MD5 is about 30-40% faster than SHA-256. But here's the thing — both are incredibly fast on modern hardware:

What About the Other Hash Functions?

• SHA-1 (160-bit): Also broken. Google demonstrated a practical collision in 2017. Don't use for security.
• SHA-512: Actually faster than SHA-256 on 64-bit processors (it works on 64-bit words natively).
• SHA-3 (Keccak): Completely different design from SHA-2. Good for when you need diversity or specific compliance.
• BLAKE3: A modern, extremely fast option. Not as widely adopted yet, but gaining serious traction.

The Decision Cheat Sheet

Is this for security (integrity, signatures, auth)?
  YES → Use SHA-256 (or SHA-512, SHA-3, BLAKE3)
  NO  → Is it for password storage?
         YES → Use bcrypt or Argon2 (NOT any raw hash!)
         NO  → Is performance critical and security irrelevant?
                YES → MD5 is fine (cache keys, dedup)
                NO  → Default to SHA-256

Wrapping Up

MD5 is a perfectly fine checksum for non-security stuff where speed and short output matter. But for anything involving security — file integrity, signatures, authentication, content verification — SHA-256 is the clear winner. The performance gap has essentially disappeared on modern hardware, while the security gap is absolute. When in doubt? SHA-256. Always.