Security 6 Jul 2026 7 min read

What Is a Checksum? MD5, SHA-1, SHA-256 Explained

A checksum is a short fingerprint that lets you verify a file has not been modified or corrupted. Understanding which hash algorithm to use — and where MD5 falls short — saves you from common security mistakes.

Checksum guide: MD5, SHA-1, SHA-256 hash functions explained

What Is a Checksum?

A checksum is a fixed-length string derived from a piece of data by running it through a hash function. The checksum acts as a fingerprint: if even a single bit of the original data changes, the checksum changes completely. This makes checksums useful for two things:

  • Integrity verification — did this file arrive without corruption or tampering?
  • Identity — is this exact file (or piece of data) the same as another copy?

When you download software from an official site, the download page often shows an MD5 or SHA-256 hash. After downloading, you calculate the hash of your local file and compare. If they match, the file is intact.

How a Hash Function Works

A cryptographic hash function takes input of any length and outputs a fixed-length digest. Four properties define a good hash function:

  • Deterministic — the same input always produces the same output
  • One-way — you cannot reverse a hash back to the original input (in any reasonable time)
  • Avalanche effect — changing one character in the input changes roughly half of the output bits
  • Collision-resistant — it should be computationally infeasible to find two different inputs that produce the same hash
Example — SHA-256 avalanche effect:
SHA-256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
SHA-256("Hello") = 185f8db32921bd46d35e3a1a4e9a9b9c6a7e6a7d2d2c4e9d... (completely different)

MD5 — Fast, Familiar, and Broken for Security

MD5 (Message Digest Algorithm 5) produces a 128-bit (32 character hex) digest. It was designed in 1991 and became the default checksum algorithm on the internet for about two decades.

Where MD5 is still acceptable:

  • Non-security integrity checks — verifying a large file transfer was not corrupted in transit
  • Deduplication — checking if two files are identical (as a fast pre-check before a byte-by-byte compare)
  • Cache keys and ETags where collision attacks are not a concern

Where MD5 is not acceptable:

  • Password storage — MD5 is extremely fast, which makes brute-force attacks via GPU trivial. Billions of MD5 hashes per second are achievable with consumer hardware.
  • Digital signatures — MD5 collision attacks have been demonstrated in practice. Two different files can be crafted to have the same MD5 hash.
  • Certificate fingerprints — the same collision issue applies.
MD5 for passwords is a critical vulnerability. If you find md5($password) in legacy code, replace it with password_hash() in PHP or bcrypt/Argon2 in any language. MD5 is not a password hashing algorithm — it was never designed to be slow, and slowness is what makes password hashing secure.

SHA-1 — Deprecated

SHA-1 produces a 160-bit (40 character hex) digest. It replaced MD5 as the recommended algorithm in the late 1990s and was widely used in SSL/TLS certificates, version control systems, and file integrity checks.

In 2017, Google's Project Zero team demonstrated the first practical SHA-1 collision (the "SHAttered" attack), requiring about 6,500 CPU years equivalent of computation. Major browsers and certificate authorities stopped accepting SHA-1 certificates in 2017. Git still uses SHA-1 internally for commit hashes, but they are in the process of migrating to SHA-256 as an optional alternative.

For new applications, do not use SHA-1. Use SHA-256 or SHA-512 instead.

SHA-256 — The Current Standard

SHA-256 is part of the SHA-2 family designed by the NSA and published in 2001. It produces a 256-bit (64 character hex) digest. As of today, no practical collision attack exists against SHA-256.

Use SHA-256 for:

  • File integrity verification (software downloads, backups)
  • Digital signatures (TLS certificates, code signing)
  • HMAC-based authentication tokens (HMAC-SHA256)
  • Blockchain and cryptocurrency (Bitcoin uses double SHA-256)
  • Git commit hashes in SHA-256 mode
  • JWT (JSON Web Token) signatures when using HS256 or RS256

SHA-256 is the right default for almost every application that needs a secure hash. When in doubt, use SHA-256.

SHA-512 — When You Need More

SHA-512 produces a 512-bit (128 character hex) digest. It is part of the same SHA-2 family and is equally secure. The main practical difference:

  • On 64-bit processors, SHA-512 can actually be faster than SHA-256 because the algorithm is optimized for 64-bit word sizes
  • On 32-bit systems and hardware, SHA-256 is faster
  • SHA-512 has a larger output, which means longer storage and transmission

Use SHA-512 when the application requires a larger digest or when you are on hardware where SHA-512 has a performance advantage. For most web applications, SHA-256 is sufficient.

A Note on Password Hashing

None of the algorithms above should be used directly for password storage. MD5, SHA-1, SHA-256, and SHA-512 are all designed to be fast — and fast is exactly wrong for passwords.

Password hashing needs to be deliberately slow, so that a stolen database cannot be cracked quickly. Use purpose-built password hashing algorithms:

  • bcrypt — has been the standard for over 20 years, supported in virtually every language
  • Argon2 (specifically Argon2id) — winner of the Password Hashing Competition (2015), recommended for new applications
  • scrypt — memory-hard, also strong choice

In PHP: password_hash($password, PASSWORD_ARGON2ID). In Node.js: use the bcryptjs or argon2 package. These handle salt generation and work factor tuning automatically.

How to Verify a File Checksum

When you download software and the site provides a SHA-256 hash:

On macOS / Linux:
shasum -a 256 downloaded-file.zip
# compare output to the official hash
On Windows (PowerShell):
Get-FileHash downloaded-file.zip -Algorithm SHA256

Alternatively, use our Hash Generator to paste file content or text and calculate MD5, SHA-1, SHA-256, or SHA-512 hashes directly in your browser — nothing is sent to a server.

Generate MD5, SHA-256 and More

Calculate any hash (MD5, SHA-1, SHA-256, SHA-512) from text or file content in your browser — no upload, no server.