What Is a Checksum? MD5, SHA-1, SHA-256 Explained
A checksum is a short fingerprint that lets you verify a file has not been modified or corrupted. Understanding which hash algorithm to use — and where MD5 falls short — saves you from common security mistakes.
What Is a Checksum?
A checksum is a fixed-length string derived from a piece of data by running it through a hash function. The checksum acts as a fingerprint: if even a single bit of the original data changes, the checksum changes completely. This makes checksums useful for two things:
- Integrity verification — did this file arrive without corruption or tampering?
- Identity — is this exact file (or piece of data) the same as another copy?
When you download software from an official site, the download page often shows an MD5 or SHA-256 hash. After downloading, you calculate the hash of your local file and compare. If they match, the file is intact.
How a Hash Function Works
A cryptographic hash function takes input of any length and outputs a fixed-length digest. Four properties define a good hash function:
- Deterministic — the same input always produces the same output
- One-way — you cannot reverse a hash back to the original input (in any reasonable time)
- Avalanche effect — changing one character in the input changes roughly half of the output bits
- Collision-resistant — it should be computationally infeasible to find two different inputs that produce the same hash
SHA-256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824SHA-256("Hello") = 185f8db32921bd46d35e3a1a4e9a9b9c6a7e6a7d2d2c4e9d... (completely different)
MD5 — Fast, Familiar, and Broken for Security
MD5 (Message Digest Algorithm 5) produces a 128-bit (32 character hex) digest. It was designed in 1991 and became the default checksum algorithm on the internet for about two decades.
Where MD5 is still acceptable:
- Non-security integrity checks — verifying a large file transfer was not corrupted in transit
- Deduplication — checking if two files are identical (as a fast pre-check before a byte-by-byte compare)
- Cache keys and ETags where collision attacks are not a concern
Where MD5 is not acceptable:
- Password storage — MD5 is extremely fast, which makes brute-force attacks via GPU trivial. Billions of MD5 hashes per second are achievable with consumer hardware.
- Digital signatures — MD5 collision attacks have been demonstrated in practice. Two different files can be crafted to have the same MD5 hash.
- Certificate fingerprints — the same collision issue applies.
md5($password) in legacy code, replace it with password_hash() in PHP or bcrypt/Argon2 in any language. MD5 is not a password hashing algorithm — it was never designed to be slow, and slowness is what makes password hashing secure.
SHA-1 — Deprecated
SHA-1 produces a 160-bit (40 character hex) digest. It replaced MD5 as the recommended algorithm in the late 1990s and was widely used in SSL/TLS certificates, version control systems, and file integrity checks.
In 2017, Google's Project Zero team demonstrated the first practical SHA-1 collision (the "SHAttered" attack), requiring about 6,500 CPU years equivalent of computation. Major browsers and certificate authorities stopped accepting SHA-1 certificates in 2017. Git still uses SHA-1 internally for commit hashes, but they are in the process of migrating to SHA-256 as an optional alternative.
For new applications, do not use SHA-1. Use SHA-256 or SHA-512 instead.
SHA-256 — The Current Standard
SHA-256 is part of the SHA-2 family designed by the NSA and published in 2001. It produces a 256-bit (64 character hex) digest. As of today, no practical collision attack exists against SHA-256.
Use SHA-256 for:
- File integrity verification (software downloads, backups)
- Digital signatures (TLS certificates, code signing)
- HMAC-based authentication tokens (HMAC-SHA256)
- Blockchain and cryptocurrency (Bitcoin uses double SHA-256)
- Git commit hashes in SHA-256 mode
- JWT (JSON Web Token) signatures when using HS256 or RS256
SHA-256 is the right default for almost every application that needs a secure hash. When in doubt, use SHA-256.
SHA-512 — When You Need More
SHA-512 produces a 512-bit (128 character hex) digest. It is part of the same SHA-2 family and is equally secure. The main practical difference:
- On 64-bit processors, SHA-512 can actually be faster than SHA-256 because the algorithm is optimized for 64-bit word sizes
- On 32-bit systems and hardware, SHA-256 is faster
- SHA-512 has a larger output, which means longer storage and transmission
Use SHA-512 when the application requires a larger digest or when you are on hardware where SHA-512 has a performance advantage. For most web applications, SHA-256 is sufficient.
A Note on Password Hashing
None of the algorithms above should be used directly for password storage. MD5, SHA-1, SHA-256, and SHA-512 are all designed to be fast — and fast is exactly wrong for passwords.
Password hashing needs to be deliberately slow, so that a stolen database cannot be cracked quickly. Use purpose-built password hashing algorithms:
- bcrypt — has been the standard for over 20 years, supported in virtually every language
- Argon2 (specifically Argon2id) — winner of the Password Hashing Competition (2015), recommended for new applications
- scrypt — memory-hard, also strong choice
In PHP: password_hash($password, PASSWORD_ARGON2ID). In Node.js: use the bcryptjs or argon2 package. These handle salt generation and work factor tuning automatically.
How to Verify a File Checksum
When you download software and the site provides a SHA-256 hash:
shasum -a 256 downloaded-file.zip
# compare output to the official hash
On Windows (PowerShell):
Get-FileHash downloaded-file.zip -Algorithm SHA256
Alternatively, use our Hash Generator to paste file content or text and calculate MD5, SHA-1, SHA-256, or SHA-512 hashes directly in your browser — nothing is sent to a server.
Generate MD5, SHA-256 and More
Calculate any hash (MD5, SHA-1, SHA-256, SHA-512) from text or file content in your browser — no upload, no server.