Comparison Algorithm choice
Hash Algorithm Comparison Table
Pick algorithms by task, not by name recognition. Fast checksums, cryptographic hashes, MACs, and password KDFs solve different problems.
| Algorithm | Output | Status and Caveat | Password | File Integrity | Authentication | Common Uses | Alternative |
|---|---|---|---|---|---|---|---|
| MD5 | 128 bits | Broken for collision resistance | No | Legacy only | No | Legacy checksums | SHA-256 |
| SHA-1 | 160 bits | Broken for collision resistance | No | Legacy only | No | Legacy identifiers | SHA-256 |
| SHA-256 | 256 bits | Strong general-purpose hash when used correctly | No | Yes | With HMAC | File integrity and signatures | SHA-512 or BLAKE3 when useful |
| SHA-512 | 512 bits | Strong general-purpose hash when used correctly | No | Yes | With HMAC | High-security integrity | SHA-256 for smaller output |
| SHA3-256 | 256 bits | Strong SHA-3 hash when used correctly | No | Yes | With KMAC/HMAC | SHA-3 ecosystems | SHA-256 for compatibility |
| Keccak-256 | 256 bits | Strong hash, but not interchangeable with SHA3-256 | No | Ethereum-specific | No | Ethereum and Solidity workflows | SHA3-256 outside Ethereum |
| BLAKE3 | 256 bits default | Modern hash with strong public analysis | No | Yes | Keyed mode available | Fast file hashing | SHA-256 for broad compatibility |
| CRC32 | 32 bits | Non-cryptographic | No | Accidental errors only | No | ZIP and protocol checksums | SHA-256 for tamper resistance |
| HMAC-SHA256 | 256 bits | Strong MAC when the key is secret and random | No | Yes | Yes | API and message authentication | KMAC in SHA-3 systems |
| bcrypt | Encoded string | Password KDF | Yes | No | No | Password storage | Argon2id for new systems |
| scrypt | Variable | Password KDF | Yes | No | No | Memory-hard password hashing | Argon2id |
| Argon2id | Variable | Password KDF | Yes | No | No | Modern password storage | bcrypt for compatibility |