Common Hash Functions and Their Characteristics

MD5 (Message Digest 5) produces 128-bit hashes and was widely used for password storage until critical vulnerabilities emerged. Designed in 1991, MD5 prioritized speed over security, processing data at impressive rates. However, researchers found collision attacks in 2004, and modern GPUs can compute billions of MD5 hashes per second. While MD5 remains useful for checksums, it's catastrophically insecure for password storage.

SHA-1 (Secure Hash Algorithm 1) generates 160-bit hashes and succeeded MD5 as the standard hash function. Like MD5, SHA-1 prioritized performance and became ubiquitous in security applications. However, theoretical attacks emerged in 2005, and practical collisions were demonstrated in 2017. Google's announcement of SHA-1 collisions definitively ended its use for security-critical applications, though legacy systems unfortunately continue using it.

SHA-2 family includes SHA-224, SHA-256, SHA-384, and SHA-512, producing hashes of corresponding bit lengths. Designed by the NSA and published in 2001, SHA-2 addresses SHA-1's weaknesses through improved internal structure. SHA-256 has become the de facto standard for many applications, offering excellent security with reasonable performance. However, SHA-2's speed makes it unsuitable for password hashing without additional protections like key stretching.