Compare security, speed, and use cases for 15 hash and password hashing algorithms.
MD5 (Message-Digest Algorithm 5) produces a 128-bit hash value. It was widely used for checksums and data integrity verification, but is now considered cryptographically broken due to collision vulnerabilities discovered in 2004.
SHA-1 (Secure Hash Algorithm 1) produces a 160-bit hash value. Once the standard for digital signatures and certificates, it was deprecated after Google demonstrated a practical collision attack (SHAttered) in 2017.
SHA-256 is part of the SHA-2 family designed by the NSA. It produces a 256-bit hash and is the most widely used secure hash function today, underpinning TLS/SSL certificates, Bitcoin mining, and digital signatures.
SHA-512 is the 512-bit variant of the SHA-2 family. It provides a larger hash output and is actually faster than SHA-256 on 64-bit systems. Commonly used when a longer hash is desired for additional security margin.
SHA-3-256 is part of the SHA-3 family based on the Keccak algorithm, selected through a NIST competition in 2012. It provides a fundamentally different design from SHA-2, offering an alternative if SHA-2 is ever compromised.
SHA-3-512 is the 512-bit output variant of SHA-3 (Keccak). It offers the longest standard hash output in the SHA-3 family and is used when maximum hash length and algorithm diversity are required.
bcrypt is a password hashing function based on the Blowfish cipher. It includes a built-in salt and configurable cost factor, making it intentionally slow to resist brute-force attacks. It has been the industry standard for password hashing since 1999.
Argon2 is the winner of the 2015 Password Hashing Competition. It comes in three variants: Argon2d (data-dependent), Argon2i (data-independent), and Argon2id (hybrid, recommended). It is the current state-of-the-art for password hashing.
scrypt is a password-based key derivation function designed to be memory-hard, making it expensive to attack with specialized hardware (ASICs and GPUs). It requires significant RAM in addition to CPU time.
PBKDF2 (Password-Based Key Derivation Function 2) applies a pseudorandom function (usually HMAC-SHA256) repeatedly to derive a key. It is widely supported and approved by NIST, but lacks memory-hardness.
HMAC-SHA256 combines SHA-256 with a secret key to produce a keyed hash for message authentication. It verifies both data integrity and authenticity, widely used in APIs, JWTs, and secure communications.
HMAC-SHA512 combines SHA-512 with a secret key for message authentication. It provides a larger MAC output than HMAC-SHA256 and is often faster on 64-bit systems.
CRC32 (Cyclic Redundancy Check) is a non-cryptographic checksum used for error detection in data transmission. It is extremely fast but provides no security — it is trivial to forge a matching CRC32 value.
BLAKE2b is a cryptographic hash function faster than MD5 and SHA-1 while being as secure as SHA-3. It was designed as a faster alternative to SHA-2 and is used in many modern applications including libsodium and WireGuard.
BLAKE3 is a cryptographic hash function released in 2020. It is dramatically faster than all previous hash functions due to tree-based parallelism, while maintaining strong security. It serves as a hash, MAC, KDF, and XOF in one function.