MD5 produces a 128-bit hash. SHA-1 produces a 160-bit hash. SHA-256 produces 256 bits. On the surface, these look like increasingly random strings of characters. But what's the actual difference, and why should you care?
What a Hash Function Does
A cryptographic hash function takes any input and produces a fixed-size output. The same input always produces the same output. But critically, you can't reverse it—you can't look at a hash and determine the original input.
Or rather, you shouldn't be able to. That's where MD5 and SHA-1 fail.
MD5: Broken but Still Everywhere
MD5 was designed in 1992 and was widely used for password hashing and file integrity checks. By 2004, researchers had demonstrated practical collision attacks—meaning two different inputs could produce the same hash.
MD5 should never be used for security purposes. Yet I still see it in legacy codebases and "checksum" utilities. If you're using MD5 for anything security-related, stop. Now.
SHA-1: Deprecated
SHA-1 was the successor to MD5, but it didn't take long for vulnerabilities to emerge. By 2017, Google had demonstrated a collision. Browser vendors started marking SHA-1 certificates as insecure. It's now officially deprecated for digital signatures.
SHA-256 and Beyond
SHA-256 (part of the SHA-2 family) is currently considered secure for most purposes. It produces a 256-bit hash and has no known practical collision attacks. SHA-512 is similar but with a 512-bit output, useful for applications requiring longer hashes.
SHA-3 is the newest standard, based on a different algorithm (Keccak). It's considered secure but hasn't seen widespread adoption yet—SHA-256 is usually sufficient.
What Should You Use?
For password hashing: Use bcrypt, scrypt, or Argon2. Not raw SHA-256. These algorithms are designed to be slow and memory-intensive, which is exactly what you want for passwords.
For file integrity: SHA-256 is fine.
For digital signatures: SHA-256 or SHA-512.