MD5 vs SHA-256 vs bcrypt: Which Hash for Which Job (2026)
MD5, SHA-256, and bcrypt solve different problems. A practical guide to which hash to use for passwords, file integrity, and checksums — with the one mistake that causes breaches.
"Which hash should I use?" is a trick question, because MD5, SHA-256, and bcrypt aren't competing for the same job. Pick the wrong one and you get either a useless checksum or — far worse — a password store that falls in an afternoon. Here's how to choose correctly, and the single mistake that turns a hashing decision into a breach.
The one distinction that matters
There are two completely different reasons to hash something, and they have opposite requirements:
| Feature | Integrity / checksums | Password storage |
|---|---|---|
| Goal | Detect change/corruption | Survive a database leak |
| Speed wanted | As fast as possible | As slow as tolerable |
| Good fit | SHA-256 | bcrypt / Argon2 / scrypt |
| Salt needed | No | Yes |
| Tunable cost | No | Yes |
A checksum wants to be fast: you might verify a million files. A password hash wants to be slow, because the only people who benefit from fast password hashing are attackers running billions of guesses against a stolen database.
MD5 — fast, broken for security, still useful
MD5 produces a 128-bit digest and is cryptographically broken: researchers can generate two different inputs with the same MD5 hash (a collision) cheaply. That kills it for signatures, certificates, or anything where an attacker benefits from forging a match.
But MD5 is fast and produces a short, stable fingerprint, so it still earns its keep for non-adversarial work: cache keys, deduplicating files, quick "did this blob change?" checks where no attacker is trying to engineer a collision.
Generate an MD5 digest for cache keys, dedup, and non-security checksums.
SHA-256 — the right default for integrity
SHA-256 (part of the SHA-2 family) produces a 256-bit digest with no practical collision attacks. It's the workhorse for:
- File integrity — publish a SHA-256 next to a download so users can verify it wasn't tampered with.
- Digital signatures & certificates — the hash that gets signed.
- Content addressing — Git, container layers, and blockchains identify content by SHA-style hashes.
- HMAC — SHA-256 is the usual inner hash for message authentication codes.
It's fast and secure for these uses precisely because integrity doesn't care about speed the way password storage does.
Hash text or verify a checksum against a published SHA-256 digest.
Sign a message with a secret key (HMAC-SHA256) for webhooks and API auth.
bcrypt — built to be slow, on purpose
bcrypt is a password-hashing function with three properties MD5 and SHA-256 lack:
- A built-in salt, so identical passwords produce different hashes and rainbow tables are useless.
- A tunable cost factor (the "rounds"), so you can make each hash take ~100–250 ms today and crank it up as hardware gets faster.
- Deliberate slowness, which barely affects a single legitimate login but multiplies an attacker's cost by billions.
Hash a password with a chosen cost factor, or check a password against an existing bcrypt hash.
Quick decision guide
| Feature | Use… | Don't use… |
|---|---|---|
| Storing user passwords | bcrypt / Argon2 | MD5, SHA-256 |
| File / download integrity | SHA-256 | MD5 |
| Signing API requests | HMAC-SHA256 | Plain SHA-256, MD5 |
| Cache key / dedup fingerprint | MD5 (fast, fine) | bcrypt (pointlessly slow) |
| Legacy checksum to match | Whatever it specifies | A 'more secure' substitute |
The takeaway
"Stronger" is the wrong axis. The right question is what are you defending against. Defending a download against corruption? SHA-256, and speed is a bonus. Defending a password store against an attacker who already has your database? bcrypt, and slowness is the whole point. Reach for MD5 only when there's no adversary at all.
Explore every hashing, checksum, and credential utility in one place: the Security & Hash Tools hub.
Related reading
Recommended tools for this topic
Explore focused tools and use-case pages related to this article.