Hash Algorithm Comparison: MD5, SHA1, SHA2 & SHA3
Add some hash to your data! Explore four flavors of one of the key ingredients of effective cybersecurity in this hash algorithm comparison article. Learn about their distinct properties and characteristics, and how they can make a difference to your organization’s data security and privacy compliance
We’re living in a time where the lines between the digital and physical worlds are blurring quickly. Knowing this, it’s more important than ever that every organization secures its sensitive data and other information against cyberattacks and data breaches.
In 2020, 86% of organizations suffered a successful cyberattack, and 69% were compromised by ransomware. But what can do you to protect your data? Secure hashing algorithms are seen as strong and invaluable components against breaches and malware infections.
Which hashing algorithm is the right one for you? There are so many types out there that it has become difficult to select the appropriate one for each task. That’s why we’re going to present you with the following:
 A sidebyside comparison of the most wellknown or common hash algorithms,
 A more detailed overview of their key characteristics, and
 Our perspective regarding their strengths and weaknesses.
The Ultimate Hash Algorithm Comparison: MD5 vs. SHA1 vs. SHA2 vs. SHA3
Before we start, let’s define what a hash algorithm is in a few simple words: A hash is a oneway mathematical function (i.e., it can’t be reverse engineered) that converts the input into an unreadable data string output of a set length. For example, you could take the phrase “you are my sunshine” and an entire library of books and apply a hash algorithm to each — both will result in an output of the same size. Hashing functions are largely used to validate the integrity of data and files.
The idea of hashing was firstly introduced by Hans Peter Luhn in 1953 in his article “A new method of recording and searching information” Many things have changed since then, and several new algorithms have come to light to help us keep pace with rapidly changing technologies. Today, there are so many hash algorithms that it can sometimes be confusing or overwhelming!
This is where our hash algorithm comparison article comes into play. We’ve rounded up the bestknown algorithms to date to help you understand their ins and out, and clarify your doubts, in a breeze. Let’s start with a quick overview of these popular hash functions.
Hash Algorithm Comparison Table: MD5, SHA1, SHA2, SHA3
Keys for Comparison  MD5  SHA1  SHA2 (224 & 256/384 & 512)  SHA3 (224/256/384/512) 

Available Since  1992  1995  2002  2008 
Block Size 
512 bits  512 bits  512/1024 bits 
1152/1088/8 32/576 bits (this is referred to as a Rate [R] for SHA3 algorithms) 
Hash Digest Size (Output) 
128 bits (i.e., 16 bytes), or 32 hexadecimal digits  160 bits (i.e., 20 bytes), or 40 hexadecimal digits  256 bits (i.e., 32 bytes), or 64 hexadecimal digits/512 bits (i.e., 64 bytes), or 128 hexadecimal digits  224/256/384/512 bits (i.e., 28/32/48/64 bytes), or 56/64/96/128 hexadecimal digits 
Rounds of Operations 
64  80 (4 groups of 20 rounds)  64 (for SHA224 and SHA256)/80 (SHA0384/SHA512)  24 
Construction 
Merkle–Damgård  Merkle–Damgård  Merkle–Damgård  Sponge (Keccak) 
Collision Level 
High — They can be found in seconds, even using an ordinary home computer.  Cheap and easy to find as demonstrated by a 2019 study.  Low — No known collisions found to date.  Low 
Successful Attacks  Many. Researchers showed concrete evidence in 2004.  Yes, many. The first one called SHAttered happened in 2017.  SHA256 has never been broken.  Few collision type attacks have been demonstrated. 
Common Weaknesses 
Vulnerable to collisions.  Vulnerable to collisions.  Susceptible to preimage attacks. 
Susceptible to:

Security Level  Low  Low  High  High 
ApplicationsApplications  Previously used for data encryption, MD5 is now mostly used for verifying the integrity of files against involuntary corruption.  Previously widely used in TLS and SSL. Still used for HMAC (even if it’s recommended to move to a more secure algorithm), and for verifying the integrity of files against involuntary corruption. 
Widely used in:

Used to replace SHA2 when necessary (in specific circumstances). 
Deprecated? 
Yes  Yes 
No 
No 
1. MessageDigest Algorithm 5 (MD5)
A simplified diagram that illustrates how the MD5 hashing algorithm works. Each round involves 16 operations.
One of the oldest algorithms widely used, M5 is a oneway cryptographic function that converts messages of any lengths and returns a string output of a fixed length of 32 characters. An example of an MD5 hash digest output would look like this: b6c7868ea605a8f951a03f284d08415e.
How? In five steps, according to the Internet Internet Engineering Task Force’s (IETF) RFC 1321:
1. Add padding bits to the original message. You’ll extend the total length of the original input so it’s 64 bits short of any multiple of 512 (i.e., 448 mod 512).
2. Add lengths bits to the end of the padded message. With this operation, the total number of bits in the message becomes a multiple of 512 (i.e., 64 bits).
3. Initialize MD buffer to compute the message digest. This algorithm requires a 128 bits buffer with a specific initial value. The buffer is then divided into four words (A, B, C, D), each of which represents a separate 32bit register.
4. Process each data block using operations in multiple rounds. Each block is processed using four rounds of 16 operations and adding each output to form the new buffer value.
5. Produce a final 128 bits hash value. The final buffer value is the final output.
MD5 hash value for CodeSigningStore.com
In summary, the original input is broken up into fixedsized blocks, then each one is processed through the compression function alongside the output of the prior round. The final output is a 128 bits message digest.
It’s important to highlight that, even if it was deemed secure at the beginning, MD5 is no longer considered as such according to IETF’s security considerations included in the RFC 6151.
Pros of MD5  Cons of MD5 

Easy way to compare and store smaller hashes.  Slower than other algorithms (which can be good in certain applications), but faster than SHA1. 
Useful when you have to compare files or codes to identify any types of changes.  Much less secure and vulnerable to collisions. 
It’s easy to obtain the same hash function for two distinct inputs. 
2. SHA1 (Secure Hash Algorithm 1)
A simplified overview diagram that illustrates how the SHA1 hashing algorithm works. Each of the four rounds involves 20 operations.
Developed by the NSA (National Security Age), SHA1 is one of the several algorithms included under the umbrella of the “secure hash algorithm” family. In a nutshell, it’s a oneway cryptographic function that converts messages of any lengths and returns a 160 bits hash value as a 40 digits long hexadecimal number. This will look along the lines of this: 0aa12c48afc6ff95c43cd3f74259a184c34cde6d.
Its structure is similar to MD5, but the process to get the messagedigest is more complex as summarized in the steps listed below:
1. Add padding bits to the original message. You’ll extend the total length of the original input so it’s 64 bits short of any multiple of 512 (i.e., 448 mod 512).
2. Add length bits to the end of the padded message. With this operation, the total number of bits in the message becomes a multiple of 512 (i.e., 64 bits).
3. Initialize MD buffers to compute the message digest. This algorithm requires two buffers and a long sequence of 32bit words:
 The two five 32bit registers (“A, B, C, D, E” and “H0, H1, H2, H3, H4”) have specific initial values, and
 The sequence of 80 32bit words (W[0], W[1], W[2]… W[68], W[69]).
4. Process the message in successive 512 bits blocks. Each block goes through a complex process of expansion and 80 rounds of compression of 20 steps each. The value obtained after each compression is added to the current buffer (hash state).
5. Produce a final 160 bits hash value. After the last block is processed, the current hash state is returned as the final hash value output.
SHA1 hash value for CodeSigningStore.com
SHA1 shouldn’t be used for digital signatures or certificates anymore. Theoretically broken since 2005, it was formally deprecated by the National Institute of Standards and Technology (NIST) in 2011. In 2017, SHA1 was officially broken (SHAttered) by Google’s academics, who managed to produce two files with the same hash.
Pros of SHA1  Cons of SHA1 

It’s a slow algorithm. This characteristic made it useful for storing password hashes as it slows down brute force attacks.  Slower than other algorithms, therefore unsuitable for many purposes other than password storage (e.g., when establishing secure connections to websites or comparing files). 
It can be used to compare files or codes to identify unintentional only corruptions.  Less secure with many vulnerabilities found during the years. 
Can replace SHA2 in case of interoperability issues with legacy codes.  Collisions are easy and cheap to find. 
Key length too short to resist to attacks. 
3. SHA2 (Secure Hash Algorithm 2) Family of Algorithms
A simplified diagram that illustrates how the SHA2 hashing algorithm works.
The successor of SHA1, approved and recommended by NIST, SHA2 is a family of six algorithms with different digest sizes:
 SHA224 (truncated version of SHA256 computed with different initial values),
 SHA256,
 SHA384 (truncated version of SHA512 computed with different initial values),
 SHA512,
 SHA512/224 (truncated version of SHA512),
 SHA512/256 (truncated version of SHA512).
SHA256 is widely used, particularly by U.S. government agencies to secure their sensitive data. Much stronger than SHA1, it includes the most secure hashing algorithm available to the time of writing: SHA256, also used in Bitcoin transactions.
How the SHA256 Hashing Algorithm Works
As an example, let’s have a look to how the most used algorithm of the family (SHA256) works, according to the IETF’s RFC 6234. Once again, the process is similar to its predecessors, but with some added complexity. Here’s a simplified overview:
1. Add padding bits to the original message. You’ll extend the total length of the original input so it’s 64 bits short of any multiple of 512 (i.e., 448 mod 512). So, you’ll need to add a 1 and a bunch of 0s until it equals 448 bits.
2. Add length bits to the end of the padded message. 64 bits are appended to the end of the padded message so that it becomes a multiple of 512.
3. Initialize MD buffer to compute the message digest. The buffer is represented as eight 32bit registers (A, B, C, D, E, F, G, H).
4. Process the message in successive 512 bits blocks. The message is broken into 512 bits chunks, and each chunk goes through a complex process and 64 rounds of compression. The value obtained after each compression is added to the current hash value.
5. Produce a final 256 bits (or 512) hash value. The final hash value or digest is concatenated (linked together) based on all of the chunk values resulting from the processing step.
For a closer look at the stepbystep process of SHA256, check out this great article on SHA256 by Qvault that breaks it all down.
SHA256 hash value for CodeSigningStore.com
Pros of SHA2  Cons of SHA2 

It’s resistant to collision, to preimage and secondpreimage attacks.  SHA256 is slower than its predecessors. 
It addresses SHA1’s weaknesses.  Some software may need updating to support SHA2 encryption. 
SHA256 is supported by the latest browsers, OS platforms, mail clients and mobile devices.  
It generates a longer hash value, offering a higher security level making it the perfect choice for validating and signing digital security certificates and files. 
If you want to know more about the SHA2 family, check the official SHA2 standard paper published by NIST
4. SHA3 (Secure Hash Algorithm 3) Family of Algorithms
SHA3 is the latest addition to the SHA family. Developed via a public competition promoted by NIST, it’s part of the same standard while being completely different from MD5, SHA1 and SHA2.
SHA3 is based on a new cryptographic approach called sponge construction, used by Keccak. Basically, the data are “absorbed” into the sponge, then the result is “squeezed” out, just like a sponge absorbs and releases water.
It’s important to note that NIST doesn’t see SHA3 as a full replacement of SHA2; rather, it’s a way to improve the robustness of its overall hash algorithm toolkit.
SHA3 is a family of four algorithms with different hash functions plus two extendable output functions can be used for domain hashing, randomized hashing, stream encryption, and to generate MAC addresses:
 SHA3224,
 SHA3256,
 SHA3384,
 SHA3512,
 SHAKE128 (output function), and
 SHAKE256 (output function).
How the SHA3224 Hashing Algorithm Works
A simplified diagram that illustrates how one of the SHA3 hashing algorithms works. The “R” and “C” represent the rate and capacity of the hashing algorithm.
How does it work? We’ll base our example on one member of the SHA3 family: SHA3224.
1. Add padding bits to the original message. This way the total length is an exact multiple of the rate of the corresponding hash function. In this case, as we’ve chosen SHA3224, it must be a multiple of 1152 bits (144 bytes). The SHA3 process largely falls within two main categories of actions: “absorbing” and “squeezing,” each of which we’ll discuss in the next sections.
2. Absorb the padded message values to start calculating the hash value. The padded message is partitioned into fixed size blocks. Then each block goes through a series of permutation rounds of five operations a total of 24 times. At the end, we get an internal state size of 1600 bits.
3. Squeeze to extract the hash value. This is where the message is extracted (squeezed out). The 1600 bits obtained with the absorption operation is segregated on the basis of the related rate and capacity (the “r” and “c” we mentioned in the image caption above).
4. Produce the final hash value. Finally, the first 224 bits are extracted from the 1152 bits (SHA3224’s rate). The extracted value of 224 bits is the hash digest of the whole message.
SHA3224 hash value for CodeSigningStore.com
Pros of SHA3  Cons of SHA3 

It’s flexible as it allows variable lengths for the input and output, making it ideal for a hash function.  Susceptible to collision attacks. 
Its instances use a single permutation for all security strengths, cutting down implementation costs.  Much slower than SHA2 (software only issue). 
The SHA3 family of algorithms enables performancesecurity tradeoffs by choosing the suitable capacityrate pair.  Lack of hardware and software support. 
Not vulnerable to length extension attacks.  
Much faster than its predecessors when cryptography is handled by hardware components. 
More information about the SHA3 family is included in the official SHA3 standard paper published by NIST.
We hope that this hash algorithm comparison article gives you a better understanding of these important functions. This way, you can choose the best tools to enhance your data protection level.
Hashing has become an essential component of cybersecurity and is used nearly everywhere. From digital signatures to password storage, from signing certificates (for codes, emails, and documents) to SSL/TLS certificates, just to name some. However, no algorithm will last forever, therefore it’s important to be always up to date with the latest trends and hash standards. Thinking about it… what about the future?
The Future of Hash Algorithms
As technology gets more sophisticated, so do the bad guys. And the world is evolving fast. From digital currencies to augmented and virtual reality, from the expansion of IoT to the raise of metaverse and quantum computing, these new ecosystems will need highly secure hash algorithms.
This means that the question now isn’t if we’ll still need hash algorithms; rather, it’s about whether the actual secure algorithms (e.g., SHA256, still unbroken) will withstand future challenges.
Take quantum computing for example: with its high computational power and speed, it’s easy to figure out that sooner or later a quantum computer large enough may compromise today’s best hash algorithms. However, there is good news regarding the impact of quantum computing on hash algorithms:
 Quantum computing isn’t here yet,
 Quantum computing is thought to impact public key encryption algorithms (not hashing algorithms like SHA256 or SHA3), and
 SHA256 is thought to be quantum resistant.
To be on the safe side, though, NIST is already gearing up for the migration to postquantum cryptography.
Final Thoughts on Hash Algorithm Comparison MD5, SHA1, SHA2 & SHA3
While it will be obviously impossible for organizations to go back and keep the digital and physical worlds separated, there are ways to address the challenging threats coming from quickly evolving technology and this new, hybrid world.
Hash algorithms aren’t the only security solution you should have in your organization’s defense arsenal. However, they’re certainly an essential part of it. We hope that this hash algorithm comparison has helped you to better understand the secure hash algorithm world and identify the best hash functions for you.
No hash algorithm is perfect, but they’re constantly being improved to keep up with the attacks from increasingly sophisticated threat actors. Don’t waste any more time — include the right hash algorithms in your security strategy and implementations. Future proof your data and organization now!