A Brief History
Hash algorithms have evolved as old ones got broken.
| Algorithm | Year | Output | Status |
|---|---|---|---|
| MD5 | 1991 | 128-bit | Broken |
| SHA-1 | 1995 | 160-bit | Deprecated |
| SHA-2 | 2001 | 256/512-bit | Secure |
| SHA-3 | 2015 | 256/512-bit | Secure |
MD5
128-bit output. Broken.
Collisions found in 2004. Today, you can generate two files with the same MD5 hash in seconds on a laptop.
Never use MD5 for security.
Still appears in:
- File checksums (non-security)
- Legacy systems that haven’t upgraded
SHA-1
160-bit output. Deprecated.
Theoretical breaks started in 2005. In 2017, Google demonstrated a real collision (the SHAttered attack).
- Cost: ~$110,000 in cloud compute
- Result: two different PDFs with the same SHA-1 hash
Deprecated everywhere:
- Certificates stopped using it in 2017
- Git is migrating away from it
- Browsers reject SHA-1 certificates
SHA-2 Family
Currently secure. No collisions found.
| Variant | Output | Block Size |
|---|---|---|
| SHA-256 | 256-bit | 512-bit |
| SHA-384 | 384-bit | 1024-bit |
| SHA-512 | 512-bit | 1024-bit |
SHA-256 is the most widely used:
- Bitcoin and Ethereum
- TLS certificates
- Code signing
SHA-2 uses a similar internal structure to SHA-1, just with larger numbers and more rounds.
SHA-3
Currently secure. The backup plan.
SHA-3 uses a completely different design called Keccak (the sponge construction).
Why it exists:
- SHA-2 and SHA-1 share similar internals
- If SHA-2 breaks, we need something structurally different
- SHA-3 is that insurance policy
Not widely adopted yet. SHA-2 is still secure, so most systems haven’t switched.
Which Should You Use?
| Use Case | Recommendation |
|---|---|
| New projects | SHA-256 |
| Need longer hash | SHA-512 |
| Future-proofing | SHA3-256 |
| Passwords | None of the above (use bcrypt or Argon2) |
For passwords, regular hash functions are too fast. Attackers can try billions of guesses per second. Use specialized password hashing functions instead.
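
The following is an added example, not part of the original page, that measures the speed gap and shows salted, deliberately slow password storage. It uses scrypt from Python's standard library as a stand-in for the bcrypt and Argon2 functions named above (those need third-party packages); the cost parameters, function names and sample passwords are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import time

# scrypt cost parameters: assumed values for this example, tune for your hardware
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def fast_hash(password: str) -> bytes:
    """What NOT to store: one unsalted SHA-256 call, cheap to guess against."""
    return hashlib.sha256(password.encode()).digest()


def hash_password(password: str) -> bytes:
    """Return salt || scrypt key. A fresh random salt makes every record unique."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt + key


def verify_password(password: str, record: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record[:16], record[16:]
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(key, expected)


def seconds_per_guess(fn, rounds: int) -> float:
    """Average wall-clock cost of one guess with the given hash function."""
    start = time.perf_counter()
    for i in range(rounds):
        fn(f"guess-{i}")
    return (time.perf_counter() - start) / rounds


def slowdown_factor() -> float:
    """How many times more expensive one scrypt guess is than one SHA-256 guess."""
    return seconds_per_guess(hash_password, 3) / seconds_per_guess(fast_hash, 20000)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print("verify ok:   ", verify_password("correct horse battery staple", record))
    print("verify wrong:", verify_password("Tr0ub4dor&3", record))
    print(f"scrypt is ~{slowdown_factor():,.0f}x slower per guess than SHA-256")
```

The per-guess slowdown applies to every candidate an attacker tries, while a legitimate login pays it once.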